{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:0f3e2680-16e2-4067-ab5d-037628359984",
  "version": 1,
  "metadata": {
    "timestamp": "2026-06-10T00:30:40+00:00",
    "tools": {
      "components": [
        {
          "type": "application",
          "manufacturer": {
            "name": "Aqua Security Software Ltd."
          },
          "group": "aquasecurity",
          "name": "trivy",
          "version": "0.69.3"
        }
      ]
    },
    "component": {
      "bom-ref": "pkg:oci/cp-zookeeper@sha256%3A8fdd6389d0edb04027d4eb22916f0572d06b9bbe67c062b1281566812ef35b97?arch=amd64&repository_url=519856050701.dkr.ecr.us-west-2.amazonaws.com%2Fdocker%2Fprod%2Fconfluentinc%2Fcp-zookeeper",
      "type": "container",
      "supplier": {
        "name": "Confluent"
      },
      "name": "cp-zookeeper",
      "version": "7.7.9",
      "purl": "pkg:oci/cp-zookeeper@sha256%3A8fdd6389d0edb04027d4eb22916f0572d06b9bbe67c062b1281566812ef35b97?arch=amd64&repository_url=519856050701.dkr.ecr.us-west-2.amazonaws.com%2Fdocker%2Fprod%2Fconfluentinc%2Fcp-zookeeper",
      "properties": [
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:04b54b771717608eb62a902ddb50b76f1948b20b21a644e666f76015fbbacd01"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:1a5841e366b5eae778e3c0ba89fc7161380d9aec491d7bb06490c1d9c4016b63"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:393dad97e453b8670151b6bc190e45de98d6880e994fa1d66088e6555872fe60"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:3c0d1ccd478406c0fd15d7194f21c99968745e4c73d320fbcb395c51e15dd13d"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:5b060a67444bcb4158f1cf668f24b98394a2a945e806af4afdcdcaaccf2cc3a8"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:7b346848880ca1bb7154b271bbc7390f425ef9bf0f159d159a2817677791b1ff"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:8b75fc7ac354a9dc62a24380cb0245e17fc49ff7879f434dde69d6cd53dc6da4"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:8bd8996c6bd6e644a7be9a0fdd44382dae9fd8e976ef19b9286fd324abacf671"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:aee8f64bc8fd811574b2e22453fc79949513d397b2b655e09b90603e988f28ac"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:b2cb90f4be0c4e624a8d213f1b9f3e5ca6f5ac467a9f971c3c36d37326aa35a5"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:b52f5f95adcce7b0e8164dd2752b790035a7fe527ab3e4d5a2567191a0b3fc98"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:c79afeff7d4a82a5d13dfeb5cd0912bc48ba32295fd1b4c0d6209a8b6f1a861b"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:e84acd0b76d92e642b952d6c97ff6874708a94fd1e9a6878edebcd5e99b791a0"
        },
        {
          "name": "aquasecurity:trivy:ImageID",
          "value": "sha256:56a1d5fe18ac1e3809072b589152546d3d40cfd06d86aeba0380819de1b09b3e"
        },
        {
          "name": "aquasecurity:trivy:Labels:architecture",
          "value": "x86_64"
        },
        {
          "name": "aquasecurity:trivy:Labels:build-date",
          "value": "2026-05-06T12:54:39Z"
        },
        {
          "name": "aquasecurity:trivy:Labels:com.redhat.component",
          "value": "ubi8-minimal-container"
        },
        {
          "name": "aquasecurity:trivy:Labels:com.redhat.license_terms",
          "value": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
        },
        {
          "name": "aquasecurity:trivy:Labels:cpe",
          "value": "cpe:/a:redhat:enterprise_linux:8::appstream"
        },
        {
          "name": "aquasecurity:trivy:Labels:description",
          "value": "ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services."
        },
        {
          "name": "aquasecurity:trivy:Labels:distribution-scope",
          "value": "public"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.buildah.version",
          "value": "1.42.2"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker",
          "value": "true"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker.build.number",
          "value": "8f30ae14"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker.git.id",
          "value": "41e9ba6"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker.git.repo",
          "value": "confluentinc/kafka-images"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.k8s.description",
          "value": "The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."
        },
        {
          "name": "aquasecurity:trivy:Labels:io.k8s.display-name",
          "value": "Red Hat Universal Base Image 8 Minimal"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.openshift.tags",
          "value": "minimal rhel8"
        },
        {
          "name": "aquasecurity:trivy:Labels:maintainer",
          "value": "partner-support@confluent.io"
        },
        {
          "name": "aquasecurity:trivy:Labels:name",
          "value": "cp-zookeeper"
        },
        {
          "name": "aquasecurity:trivy:Labels:org.opencontainers.image.created",
          "value": "2026-05-06T12:54:39Z"
        },
        {
          "name": "aquasecurity:trivy:Labels:org.opencontainers.image.revision",
          "value": "96acc9b46c4dd3b5e14eb20482260cf863202c68"
        },
        {
          "name": "aquasecurity:trivy:Labels:release",
          "value": "7.7.9-22"
        },
        {
          "name": "aquasecurity:trivy:Labels:summary",
          "value": "ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services."
        },
        {
          "name": "aquasecurity:trivy:Labels:url",
          "value": "https://catalog.redhat.com/en/search?searchType=containers"
        },
        {
          "name": "aquasecurity:trivy:Labels:vcs-ref",
          "value": "96acc9b46c4dd3b5e14eb20482260cf863202c68"
        },
        {
          "name": "aquasecurity:trivy:Labels:vcs-type",
          "value": "git"
        },
        {
          "name": "aquasecurity:trivy:Labels:vendor",
          "value": "Confluent"
        },
        {
          "name": "aquasecurity:trivy:Labels:version",
          "value": "41e9ba6"
        },
        {
          "name": "aquasecurity:trivy:Reference",
          "value": "519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-zookeeper:7.7.9-rc260508095844-latest-ubi8"
        },
        {
          "name": "aquasecurity:trivy:RepoDigest",
          "value": "519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-zookeeper@sha256:8fdd6389d0edb04027d4eb22916f0572d06b9bbe67c062b1281566812ef35b97"
        },
        {
          "name": "aquasecurity:trivy:RepoTag",
          "value": "519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-zookeeper:7.7.9-rc260508095844-latest-ubi8"
        },
        {
          "name": "aquasecurity:trivy:SchemaVersion",
          "value": "2"
        },
        {
          "name": "aquasecurity:trivy:Size",
          "value": "780585984"
        }
      ]
    }
  },
  "components": [],
  "dependencies": [],
  "vulnerabilities": [
    {
      "id": "CVE-2005-2541",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 10,
          "severity": "high",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2005-2541"
        },
        {
          "url": "http://marc.info/?l=bugtraq&m=112327628230258&w=2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2005-2541"
        },
        {
          "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2541"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
        }
      ],
      "published": "2005-08-10T04:00:00+00:00",
      "updated": "2026-04-16T00:27:16+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2018-1000654",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-1000654"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/105151"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-1000654"
        },
        {
          "url": "https://gitlab.com/gnutls/libtasn1/issues/4"
        },
        {
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000654"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5352-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
        }
      ],
      "published": "2018-08-20T19:31:44+00:00",
      "updated": "2024-11-21T03:40:20+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.13-5.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2018-1000879",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-1000879"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/106324"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-1000879"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/1105"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000879"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000879"
        }
      ],
      "published": "2018-12-20T17:29:01+00:00",
      "updated": "2024-11-21T03:40:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2018-1000880",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        119
      ],
      "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-1000880"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/106324"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-1000880"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/1105"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/1105/commits/9c84b7426660c09c18cc349f6d70b5f8168b5680"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000880"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-3859-1"
        },
        {
          "url": "https://usn.ubuntu.com/3859-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000880"
        },
        {
          "url": "https://www.debian.org/security/2018/dsa-4360"
        }
      ],
      "published": "2018-12-20T17:29:01+00:00",
      "updated": "2024-11-21T03:40:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2018-1121",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.9,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        367,
        362
      ],
      "description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-1121"
        },
        {
          "url": "http://seclists.org/oss-sec/2018/q2/122"
        },
        {
          "url": "http://www.securityfocus.com/bid/104214"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-1121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1121"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1121"
        },
        {
          "url": "https://www.exploit-db.com/exploits/44806/"
        },
        {
          "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        }
      ],
      "published": "2018-06-13T20:29:00+00:00",
      "updated": "2024-11-21T03:59:13+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.15-14.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/procps-ng@3.3.15-14.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2018-19211",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-19211"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-19211"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643754"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19211"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5477-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19211"
        }
      ],
      "published": "2018-11-12T19:29:00+00:00",
      "updated": "2024-11-21T03:57:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2018-20225",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        20
      ],
      "description": "An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-20225"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-20225"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835736"
        },
        {
          "url": "https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html"
        },
        {
          "url": "https://lists.apache.org/thread.html/rb1adce798445facd032870d644eb39c4baaf9c4a7dd5477d12bb6ab2%40%3Cgithub.arrow.apache.org%3E"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20225"
        },
        {
          "url": "https://pip.pypa.io/en/stable/news/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
        }
      ],
      "published": "2020-05-08T18:15:10+00:00",
      "updated": "2026-04-15T21:17:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable. "
      }
    },
    {
      "id": "CVE-2018-20657",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        772
      ],
      "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-20657"
        },
        {
          "url": "http://www.securityfocus.com/bid/106444"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2019:3352"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-20657"
        },
        {
          "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2018-20657.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2019-3352.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20657"
        },
        {
          "url": "https://support.f5.com/csp/article/K62602089"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20657"
        }
      ],
      "published": "2019-01-02T14:29:00+00:00",
      "updated": "2024-11-21T04:01:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.5.0-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.5.0-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2018-20839",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        }
      ],
      "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-20839"
        },
        {
          "url": "http://www.securityfocus.com/bid/108389"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-20839"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f"
        },
        {
          "url": "https://github.com/systemd/systemd/pull/12378"
        },
        {
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20839"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190530-0002/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20839"
        }
      ],
      "published": "2019-05-17T04:29:00+00:00",
      "updated": "2025-05-05T14:14:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2018-25282",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        674
      ],
      "description": "Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2018-25282"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2018-25282"
        },
        {
          "url": "https://nmap.org/dist/nmap-7.70-setup.exe"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25282"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-25282"
        },
        {
          "url": "https://www.exploit-db.com/exploits/45357"
        },
        {
          "url": "https://www.vulncheck.com/advisories/nmap-denial-of-service-via-xml-entity-expansion"
        }
      ],
      "published": "2026-04-26T22:17:28+00:00",
      "updated": "2026-04-27T18:55:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:7.92-2.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/nmap-ncat@7.92-2.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2019-12904",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        668
      ],
      "description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-12904"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-12904"
        },
        {
          "url": "https://dev.gnupg.org/T4541"
        },
        {
          "url": "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020"
        },
        {
          "url": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"
        },
        {
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12904"
        },
        {
          "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12904"
        }
      ],
      "published": "2019-06-20T00:15:10+00:00",
      "updated": "2024-11-21T04:23:48+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.8.5-7.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2019-14250",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190,
        787
      ],
      "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-14250"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/109354"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-14250"
        },
        {
          "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924"
        },
        {
          "url": "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14250"
        },
        {
          "url": "https://security.gentoo.org/glsa/202007-39"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190822-0002/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4326-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4336-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4336-2"
        },
        {
          "url": "https://usn.ubuntu.com/4326-1/"
        },
        {
          "url": "https://usn.ubuntu.com/4336-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14250"
        }
      ],
      "published": "2019-07-24T04:15:12+00:00",
      "updated": "2024-11-21T04:26:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.5.0-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.5.0-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2019-16866",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        755,
        908
      ],
      "description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-16866"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-16866"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/"
        },
        {
          "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16866"
        },
        {
          "url": "https://seclists.org/bugtraq/2019/Oct/23"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4149-1"
        },
        {
          "url": "https://usn.ubuntu.com/4149-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16866"
        },
        {
          "url": "https://www.debian.org/security/2019/dsa-4544"
        }
      ],
      "published": "2019-10-03T19:15:09+00:00",
      "updated": "2024-11-21T04:31:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2019-19244",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-19244"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-19244"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19244"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4205-1"
        },
        {
          "url": "https://usn.ubuntu.com/4205-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "published": "2019-11-25T20:15:11+00:00",
      "updated": "2024-11-21T04:34:24+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.26.0-20.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2019-8905",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.6,
          "severity": "info",
          "method": "CVSSv2",
          "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        125
      ],
      "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-8905"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/107137"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-8905"
        },
        {
          "url": "https://bugs.astron.com/view.php?id=63"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8905"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-3911-1"
        },
        {
          "url": "https://usn.ubuntu.com/3911-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-8905"
        }
      ],
      "published": "2019-02-18T17:29:00+00:00",
      "updated": "2024-11-21T04:50:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "5.33-27.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable.\nFor python:"
      }
    },
    {
      "id": "CVE-2019-8906",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.6,
          "severity": "info",
          "method": "CVSSv2",
          "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-8906"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-8906"
        },
        {
          "url": "https://bugs.astron.com/view.php?id=64"
        },
        {
          "url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8906"
        },
        {
          "url": "https://support.apple.com/kb/HT209599"
        },
        {
          "url": "https://support.apple.com/kb/HT209600"
        },
        {
          "url": "https://support.apple.com/kb/HT209601"
        },
        {
          "url": "https://support.apple.com/kb/HT209602"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-3911-1"
        },
        {
          "url": "https://usn.ubuntu.com/3911-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-8906"
        }
      ],
      "published": "2019-02-18T17:29:01+00:00",
      "updated": "2024-11-21T04:50:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "5.33-27.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable.\nFor python:"
      }
    },
    {
      "id": "CVE-2019-9674",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.2,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        400
      ],
      "description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-9674"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-9674"
        },
        {
          "url": "https://bugs.python.org/issue36260"
        },
        {
          "url": "https://bugs.python.org/issue36462"
        },
        {
          "url": "https://github.com/python/cpython/blob/master/Lib/zipfile.py"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9674"
        },
        {
          "url": "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200221-0003/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4428-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4754-3"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6891-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7212-1"
        },
        {
          "url": "https://usn.ubuntu.com/4428-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
        },
        {
          "url": "https://www.python.org/news/security/"
        }
      ],
      "published": "2020-02-04T15:15:11+00:00",
      "updated": "2025-12-31T00:55:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2019-9923",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-9923"
        },
        {
          "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
        },
        {
          "url": "http://savannah.gnu.org/bugs/?55369"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-9923"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"
        },
        {
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9923"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4692-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
        }
      ],
      "published": "2019-03-22T08:29:00+00:00",
      "updated": "2025-08-06T22:15:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2019-9936",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-9936"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/107562"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-9936"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9936"
        },
        {
          "url": "https://security.gentoo.org/glsa/201908-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190416-0005/"
        },
        {
          "url": "https://sqlite.org/src/info/b3fa58dd7403dbd4"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4019-1"
        },
        {
          "url": "https://usn.ubuntu.com/4019-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg114382.html"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg114394.html"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        }
      ],
      "published": "2019-03-22T08:29:00+00:00",
      "updated": "2024-11-21T04:52:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.26.0-20.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2019-9937",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2019-9937"
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html"
        },
        {
          "url": "http://www.securityfocus.com/bid/107562"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2019-9937"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9937"
        },
        {
          "url": "https://security.gentoo.org/glsa/201908-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190416-0005/"
        },
        {
          "url": "https://sqlite.org/src/info/45c73deb440496e8"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4019-1"
        },
        {
          "url": "https://usn.ubuntu.com/4019-1/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg114383.html"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg114393.html"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html"
        },
        {
          "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        }
      ],
      "published": "2019-03-22T08:29:00+00:00",
      "updated": "2024-11-21T04:52:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.26.0-20.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2020-19185",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-19185"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-19185"
        },
        {
          "url": "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19185"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231006-0005/"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
        }
      ],
      "published": "2023-08-22T19:15:57+00:00",
      "updated": "2024-11-21T05:09:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2020-19186",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-19186"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-19186"
        },
        {
          "url": "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19186"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231006-0005/"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
        }
      ],
      "published": "2023-08-22T19:15:58+00:00",
      "updated": "2024-11-21T05:09:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2020-19187",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-19187"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-19187"
        },
        {
          "url": "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc3.md"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19187"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231006-0005/"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
        }
      ],
      "published": "2023-08-22T19:15:59+00:00",
      "updated": "2024-11-21T05:09:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2020-19188",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-19188"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-19188"
        },
        {
          "url": "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc4.md"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19188"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231006-0005/"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
        }
      ],
      "published": "2023-08-22T19:16:00+00:00",
      "updated": "2024-11-21T05:09:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2020-19189",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-19189"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-19189"
        },
        {
          "url": "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19189"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231006-0005/"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6451-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
        }
      ],
      "published": "2023-08-22T19:16:01+00:00",
      "updated": "2024-11-21T05:09:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2020-19190",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-19190"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-19190"
        },
        {
          "url": "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc6.md"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19190"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231006-0005/"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
        }
      ],
      "published": "2023-08-22T19:16:01+00:00",
      "updated": "2024-11-21T05:09:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2020-35512",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.2,
          "severity": "high",
          "method": "CVSSv2",
          "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        416
      ],
      "description": "A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2020-35512"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2020-35512"
        },
        {
          "url": "https://bugs.gentoo.org/755392"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35512"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5244-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5244-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35512"
        }
      ],
      "published": "2021-02-15T17:15:12+00:00",
      "updated": "2024-11-21T05:27:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.12.8-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.12.8-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.12.8-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.12.8-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.12.8-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/dbus-common@1.12.8-28.el8_10?arch=noarch&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/dbus-daemon@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/dbus-tools@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/dbus@1.12.8-28.el8_10?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-20193",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        401,
        125
      ],
      "description": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-20193"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-20193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20193"
        },
        {
          "url": "https://savannah.gnu.org/bugs/?59897"
        },
        {
          "url": "https://security.gentoo.org/glsa/202105-29"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5329-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
        }
      ],
      "published": "2021-03-26T17:15:12+00:00",
      "updated": "2025-05-05T14:15:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-24032",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 1.9,
          "severity": "info",
          "method": "CVSSv2",
          "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        277,
        276
      ],
      "description": "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-24032"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-24032"
        },
        {
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519"
        },
        {
          "url": "https://github.com/advisories/GHSA-ffqj-7pgc-cmj5"
        },
        {
          "url": "https://github.com/facebook/zstd/issues/2491"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4760-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5720-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
        },
        {
          "url": "https://www.facebook.com/security/advisories/cve-2021-24032"
        }
      ],
      "published": "2021-03-04T21:15:12+00:00",
      "updated": "2024-11-21T05:52:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.4.4-1.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-31879",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.8,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        601
      ],
      "description": "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-31879"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-31879"
        },
        {
          "url": "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31879"
        },
        {
          "url": "https://savannah.gnu.org/bugs/?56909"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210618-0002/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
        }
      ],
      "published": "2021-04-29T05:15:08+00:00",
      "updated": "2024-11-21T06:06:25+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.19.5-12.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-39537",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        787
      ],
      "description": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-39537"
        },
        {
          "url": "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2022/Oct/45"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-39537"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39537"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0012/"
        },
        {
          "url": "https://support.apple.com/kb/HT213443"
        },
        {
          "url": "https://support.apple.com/kb/HT213444"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5477-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
        }
      ],
      "published": "2021-09-20T16:15:12+00:00",
      "updated": "2024-11-21T06:19:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-3997",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        674
      ],
      "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-3997"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-3997"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024639"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3997"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-15"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5226-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/01/10/2"
        }
      ],
      "published": "2022-08-23T20:15:08+00:00",
      "updated": "2024-11-21T06:23:20+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-4209",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-4209"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-4209"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4209"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0005/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5550-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5750-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-4209"
        }
      ],
      "published": "2022-08-24T16:15:09+00:00",
      "updated": "2024-11-21T06:37:09+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2022-0391",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        74
      ],
      "description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-0391"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2022:6457"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-0391"
        },
        {
          "url": "https://bugs.python.org/issue43882"
        },
        {
          "url": "https://bugzilla.redhat.com/2047376"
        },
        {
          "url": "https://bugzilla.redhat.com/2075390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006792"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032569"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036020"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047376"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2022-6457.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2022:1821"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2022-0391.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-3550.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0391"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220225-0009/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5342-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5342-2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6891-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "published": "2022-02-09T23:15:16+00:00",
      "updated": "2025-12-17T21:15:52+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4",
          "versions": [
            {
              "version": "50.3.2-7.module+el8.10.0+23406+03055bfb",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2022-27943",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        674
      ],
      "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-27943"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-27943"
        },
        {
          "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039"
        },
        {
          "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371"
        },
        {
          "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79"
        },
        {
          "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead"
        },
        {
          "url": "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27943"
        }
      ],
      "published": "2022-03-26T13:15:07+00:00",
      "updated": "2024-11-21T06:56:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.5.0-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.5.0-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2022-3219",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-3219"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
        },
        {
          "url": "https://dev.gnupg.org/D556"
        },
        {
          "url": "https://dev.gnupg.org/T5993"
        },
        {
          "url": "https://marc.info/?l=oss-security&m=165696590211434&w=4"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230324-0001/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
        }
      ],
      "published": "2023-02-23T20:15:12+00:00",
      "updated": "2025-03-12T21:15:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.2.20-4.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2022-41409",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        190
      ],
      "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-41409"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-41409"
        },
        {
          "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"
        },
        {
          "url": "https://github.com/PCRE2Project/pcre2/issues/141"
        },
        {
          "url": "https://github.com/advisories/GHSA-4qfx-v7wh-3q4j"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
        }
      ],
      "published": "2023-07-18T14:15:12+00:00",
      "updated": "2024-11-21T07:23:10+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "10.32-3.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2022-4899",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        400
      ],
      "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-4899"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:1141"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-4899"
        },
        {
          "url": "https://bugzilla.redhat.com/2179864"
        },
        {
          "url": "https://bugzilla.redhat.com/2188109"
        },
        {
          "url": "https://bugzilla.redhat.com/2188113"
        },
        {
          "url": "https://bugzilla.redhat.com/2188115"
        },
        {
          "url": "https://bugzilla.redhat.com/2188116"
        },
        {
          "url": "https://bugzilla.redhat.com/2188117"
        },
        {
          "url": "https://bugzilla.redhat.com/2188118"
        },
        {
          "url": "https://bugzilla.redhat.com/2188119"
        },
        {
          "url": "https://bugzilla.redhat.com/2188120"
        },
        {
          "url": "https://bugzilla.redhat.com/2188121"
        },
        {
          "url": "https://bugzilla.redhat.com/2188122"
        },
        {
          "url": "https://bugzilla.redhat.com/2188123"
        },
        {
          "url": "https://bugzilla.redhat.com/2188124"
        },
        {
          "url": "https://bugzilla.redhat.com/2188125"
        },
        {
          "url": "https://bugzilla.redhat.com/2188127"
        },
        {
          "url": "https://bugzilla.redhat.com/2188128"
        },
        {
          "url": "https://bugzilla.redhat.com/2188129"
        },
        {
          "url": "https://bugzilla.redhat.com/2188130"
        },
        {
          "url": "https://bugzilla.redhat.com/2188131"
        },
        {
          "url": "https://bugzilla.redhat.com/2188132"
        },
        {
          "url": "https://bugzilla.redhat.com/2224211"
        },
        {
          "url": "https://bugzilla.redhat.com/2224212"
        },
        {
          "url": "https://bugzilla.redhat.com/2224213"
        },
        {
          "url": "https://bugzilla.redhat.com/2224214"
        },
        {
          "url": "https://bugzilla.redhat.com/2224215"
        },
        {
          "url": "https://bugzilla.redhat.com/2224216"
        },
        {
          "url": "https://bugzilla.redhat.com/2224217"
        },
        {
          "url": "https://bugzilla.redhat.com/2224218"
        },
        {
          "url": "https://bugzilla.redhat.com/2224219"
        },
        {
          "url": "https://bugzilla.redhat.com/2224220"
        },
        {
          "url": "https://bugzilla.redhat.com/2224221"
        },
        {
          "url": "https://bugzilla.redhat.com/2224222"
        },
        {
          "url": "https://bugzilla.redhat.com/2245014"
        },
        {
          "url": "https://bugzilla.redhat.com/2245015"
        },
        {
          "url": "https://bugzilla.redhat.com/2245016"
        },
        {
          "url": "https://bugzilla.redhat.com/2245017"
        },
        {
          "url": "https://bugzilla.redhat.com/2245018"
        },
        {
          "url": "https://bugzilla.redhat.com/2245019"
        },
        {
          "url": "https://bugzilla.redhat.com/2245020"
        },
        {
          "url": "https://bugzilla.redhat.com/2245021"
        },
        {
          "url": "https://bugzilla.redhat.com/2245022"
        },
        {
          "url": "https://bugzilla.redhat.com/2245023"
        },
        {
          "url": "https://bugzilla.redhat.com/2245024"
        },
        {
          "url": "https://bugzilla.redhat.com/2245026"
        },
        {
          "url": "https://bugzilla.redhat.com/2245027"
        },
        {
          "url": "https://bugzilla.redhat.com/2245028"
        },
        {
          "url": "https://bugzilla.redhat.com/2245029"
        },
        {
          "url": "https://bugzilla.redhat.com/2245030"
        },
        {
          "url": "https://bugzilla.redhat.com/2245031"
        },
        {
          "url": "https://bugzilla.redhat.com/2245032"
        },
        {
          "url": "https://bugzilla.redhat.com/2245033"
        },
        {
          "url": "https://bugzilla.redhat.com/2245034"
        },
        {
          "url": "https://bugzilla.redhat.com/2258771"
        },
        {
          "url": "https://bugzilla.redhat.com/2258772"
        },
        {
          "url": "https://bugzilla.redhat.com/2258773"
        },
        {
          "url": "https://bugzilla.redhat.com/2258774"
        },
        {
          "url": "https://bugzilla.redhat.com/2258775"
        },
        {
          "url": "https://bugzilla.redhat.com/2258776"
        },
        {
          "url": "https://bugzilla.redhat.com/2258777"
        },
        {
          "url": "https://bugzilla.redhat.com/2258778"
        },
        {
          "url": "https://bugzilla.redhat.com/2258779"
        },
        {
          "url": "https://bugzilla.redhat.com/2258780"
        },
        {
          "url": "https://bugzilla.redhat.com/2258781"
        },
        {
          "url": "https://bugzilla.redhat.com/2258782"
        },
        {
          "url": "https://bugzilla.redhat.com/2258783"
        },
        {
          "url": "https://bugzilla.redhat.com/2258784"
        },
        {
          "url": "https://bugzilla.redhat.com/2258785"
        },
        {
          "url": "https://bugzilla.redhat.com/2258787"
        },
        {
          "url": "https://bugzilla.redhat.com/2258788"
        },
        {
          "url": "https://bugzilla.redhat.com/2258789"
        },
        {
          "url": "https://bugzilla.redhat.com/2258790"
        },
        {
          "url": "https://bugzilla.redhat.com/2258791"
        },
        {
          "url": "https://bugzilla.redhat.com/2258792"
        },
        {
          "url": "https://bugzilla.redhat.com/2258793"
        },
        {
          "url": "https://bugzilla.redhat.com/2258794"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188109"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188113"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188115"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188116"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188117"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188118"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188119"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188120"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188122"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188123"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188124"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188125"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188127"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188128"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188129"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188130"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188131"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188132"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224211"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224212"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224213"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224214"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224215"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224216"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224217"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224219"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224221"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224222"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245014"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245015"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245016"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245017"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245018"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245019"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245020"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245021"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245022"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245023"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245024"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245026"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245027"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245028"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245029"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245030"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245031"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245032"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245033"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245034"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258771"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258772"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258773"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258774"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258775"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258776"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258777"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258778"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258779"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258780"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258781"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258782"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258783"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258784"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258785"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258787"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258788"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258789"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258790"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258791"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258792"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258793"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258794"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4899"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21911"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21919"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21920"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21929"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21933"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21935"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21940"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21945"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21946"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21947"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21953"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21955"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21962"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21972"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21976"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21977"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21980"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22005"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22007"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22008"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22032"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22033"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22038"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22046"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22048"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22053"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22054"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22056"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22057"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22058"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22059"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22064"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22065"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22066"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22068"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22070"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22078"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22079"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22092"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22097"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22103"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22104"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22110"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22111"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22112"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22113"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22114"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22115"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20960"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20961"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20962"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20963"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20968"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20969"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20970"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20971"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20972"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20973"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20974"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20976"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20977"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20978"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20981"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20983"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20984"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20985"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20993"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21050"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21051"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21052"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21053"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21055"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21056"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21057"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21061"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21137"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21200"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-1141.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:0894"
        },
        {
          "url": "https://github.com/facebook/zstd"
        },
        {
          "url": "https://github.com/facebook/zstd/issues/3200"
        },
        {
          "url": "https://github.com/facebook/zstd/pull/3220"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml"
        },
        {
          "url": "https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2022-4899.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-1141.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230725-0005"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
        }
      ],
      "published": "2023-03-31T20:15:07+00:00",
      "updated": "2025-02-18T18:15:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.4.4-1.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-0464",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        295
      ],
      "description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints.  Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-0464"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2023:3722"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-0464"
        },
        {
          "url": "https://bugzilla.redhat.com/2181082"
        },
        {
          "url": "https://bugzilla.redhat.com/2182561"
        },
        {
          "url": "https://bugzilla.redhat.com/2182565"
        },
        {
          "url": "https://bugzilla.redhat.com/2188461"
        },
        {
          "url": "https://bugzilla.redhat.com/2207947"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2023-3722.html"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"
        },
        {
          "url": "https://github.com/advisories/GHSA-w2w6-xp88-5cvw"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-0464.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-3722.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0464"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230406-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230406-0006/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6039-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.couchbase.com/alerts"
        },
        {
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20230322.txt"
        }
      ],
      "published": "2023-03-22T17:15:13+00:00",
      "updated": "2025-05-05T16:15:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-0465",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        295
      ],
      "description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-0465"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2023:3722"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-0465"
        },
        {
          "url": "https://bugzilla.redhat.com/2181082"
        },
        {
          "url": "https://bugzilla.redhat.com/2182561"
        },
        {
          "url": "https://bugzilla.redhat.com/2182565"
        },
        {
          "url": "https://bugzilla.redhat.com/2188461"
        },
        {
          "url": "https://bugzilla.redhat.com/2207947"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2023-3722.html"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"
        },
        {
          "url": "https://github.com/advisories/GHSA-77f3-6546-6rj7"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-0465.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-3722.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0465"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6039-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20230328.txt"
        }
      ],
      "published": "2023-03-28T15:15:06+00:00",
      "updated": "2025-02-18T21:15:13+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-0466",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        295
      ],
      "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-0466"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2023:3722"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-0466"
        },
        {
          "url": "https://bugzilla.redhat.com/2181082"
        },
        {
          "url": "https://bugzilla.redhat.com/2182561"
        },
        {
          "url": "https://bugzilla.redhat.com/2182565"
        },
        {
          "url": "https://bugzilla.redhat.com/2188461"
        },
        {
          "url": "https://bugzilla.redhat.com/2207947"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2023-3722.html"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061"
        },
        {
          "url": "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-0466.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-3722.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0466"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6039-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20230328.txt"
        }
      ],
      "published": "2023-03-28T15:15:06+00:00",
      "updated": "2025-02-19T18:15:22+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-2650",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        770
      ],
      "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit.  OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime.  The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced.  This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL.  If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS.  It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain.  Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates.  This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-2650"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/05/30/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2023:6330"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-2650"
        },
        {
          "url": "https://bugzilla.redhat.com/1858038"
        },
        {
          "url": "https://bugzilla.redhat.com/2207947"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2023-6330.html"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a"
        },
        {
          "url": "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-2650.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-6330.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2650"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0001/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6119-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6188-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6672-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20230530.txt"
        }
      ],
      "published": "2023-05-30T14:15:09+00:00",
      "updated": "2025-03-19T16:15:21+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-27534",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        22
      ],
      "description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-27534"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2023:6679"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-27534"
        },
        {
          "url": "https://bugzilla.redhat.com/2179062"
        },
        {
          "url": "https://bugzilla.redhat.com/2179069"
        },
        {
          "url": "https://bugzilla.redhat.com/2179092"
        },
        {
          "url": "https://bugzilla.redhat.com/2179103"
        },
        {
          "url": "https://curl.se/docs/CVE-2023-27534.html"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2023-6679.html"
        },
        {
          "url": "https://hackerone.com/reports/1892351"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-27534.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-6679.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
        },
        {
          "url": "https://security.gentoo.org/glsa/202310-12"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230420-0012/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-5964-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
        }
      ],
      "published": "2023-03-30T20:15:07+00:00",
      "updated": "2025-04-23T17:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-29499",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-29499"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2528"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-29499"
        },
        {
          "url": "https://bugzilla.redhat.com/2211827"
        },
        {
          "url": "https://bugzilla.redhat.com/2211828"
        },
        {
          "url": "https://bugzilla.redhat.com/2211829"
        },
        {
          "url": "https://bugzilla.redhat.com/2211833"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2528.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-29499.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2528.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29499"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-18"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
        }
      ],
      "published": "2023-09-14T20:15:09+00:00",
      "updated": "2024-11-21T07:57:10+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-32611",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-32611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2528"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-32611"
        },
        {
          "url": "https://bugzilla.redhat.com/2211827"
        },
        {
          "url": "https://bugzilla.redhat.com/2211828"
        },
        {
          "url": "https://bugzilla.redhat.com/2211829"
        },
        {
          "url": "https://bugzilla.redhat.com/2211833"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2528.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-32611.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2528.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32611"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-18"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
        }
      ],
      "published": "2023-09-14T20:15:09+00:00",
      "updated": "2024-11-21T08:03:41+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-32636",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400,
        502
      ],
      "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-32636"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2528"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-32636"
        },
        {
          "url": "https://bugzilla.redhat.com/2211827"
        },
        {
          "url": "https://bugzilla.redhat.com/2211828"
        },
        {
          "url": "https://bugzilla.redhat.com/2211829"
        },
        {
          "url": "https://bugzilla.redhat.com/2211833"
        },
        {
          "url": "https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2528.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841"
        },
        {
          "url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-32636.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2528.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0002/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
        }
      ],
      "published": "2023-09-14T20:15:09+00:00",
      "updated": "2024-11-21T08:03:44+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-32665",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400,
        502
      ],
      "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-32665"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2528"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-32665"
        },
        {
          "url": "https://bugzilla.redhat.com/2211827"
        },
        {
          "url": "https://bugzilla.redhat.com/2211828"
        },
        {
          "url": "https://bugzilla.redhat.com/2211829"
        },
        {
          "url": "https://bugzilla.redhat.com/2211833"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2528.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-32665.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2528.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32665"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-18"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
        }
      ],
      "published": "2023-09-14T20:15:09+00:00",
      "updated": "2024-11-21T08:03:48+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-39804",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-39804"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-39804"
        },
        {
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39804"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6543-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39804"
        }
      ],
      "published": "2024-03-27T04:15:08+00:00",
      "updated": "2025-11-04T19:15:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-4156",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-4156"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-4156"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215930"
        },
        {
          "url": "https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212"
        },
        {
          "url": "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html"
        },
        {
          "url": "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6373-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
        }
      ],
      "published": "2023-09-25T18:15:11+00:00",
      "updated": "2024-11-21T08:34:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.2.1-4.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-45322",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        416
      ],
      "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-45322"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/06/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-45322"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
        }
      ],
      "published": "2023-10-06T22:15:11+00:00",
      "updated": "2025-11-03T21:16:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2023-45803",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        200
      ],
      "description": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-45803"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2132"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-45803"
        },
        {
          "url": "https://bugzilla.redhat.com/2246840"
        },
        {
          "url": "https://bugzilla.redhat.com/2257028"
        },
        {
          "url": "https://bugzilla.redhat.com/2257854"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246840"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2132.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:11238"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/1.26.18"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.0.7"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-45803.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6473-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6473-2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7762-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
        },
        {
          "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
        }
      ],
      "published": "2023-10-17T20:15:10+00:00",
      "updated": "2025-11-03T22:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        }
      ]
    },
    {
      "id": "CVE-2023-50495",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-50495"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-50495"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240119-0008/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6684-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
        }
      ],
      "published": "2023-12-12T15:15:07+00:00",
      "updated": "2025-11-04T19:16:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "6.1-10.20180224.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-0232",
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        416
      ],
      "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-0232"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-0232"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243754"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0007/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0232"
        }
      ],
      "published": "2024-01-16T14:15:48+00:00",
      "updated": "2024-11-21T08:46:06+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.26.0-20.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-0397",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        362
      ],
      "description": "A defect was discovered in the Python \u201cssl\u201d module where there is a memory\nrace condition with the ssl.SSLContext methods \u201ccert_store_stats()\u201d and\n\u201cget_ca_certs()\u201d. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-0397"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/17/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-0397"
        },
        {
          "url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d"
        },
        {
          "url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524"
        },
        {
          "url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e"
        },
        {
          "url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286"
        },
        {
          "url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa"
        },
        {
          "url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab"
        },
        {
          "url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab"
        },
        {
          "url": "https://github.com/python/cpython/issues/114572"
        },
        {
          "url": "https://github.com/python/cpython/pull/114573"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0397"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250411-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6928-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
        }
      ],
      "published": "2024-06-17T16:15:10+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4",
          "versions": [
            {
              "version": "50.3.2-7.module+el8.10.0+23406+03055bfb",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        }
      ]
    },
    {
      "id": "CVE-2024-0727",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-0727"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:9088"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-0727"
        },
        {
          "url": "https://bugzilla.redhat.com/2257571"
        },
        {
          "url": "https://bugzilla.redhat.com/2258502"
        },
        {
          "url": "https://bugzilla.redhat.com/2259944"
        },
        {
          "url": "https://bugzilla.redhat.com/2284243"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257571"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258502"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259944"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284243"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-277137.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-9088.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:9088"
        },
        {
          "url": "https://github.com/advisories/GHSA-9v9h-cgj8-h64p"
        },
        {
          "url": "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2"
        },
        {
          "url": "https://github.com/github/advisory-database/pull/3472"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"
        },
        {
          "url": "https://github.com/openssl/openssl/pull/23362"
        },
        {
          "url": "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-0727.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-9088.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240208-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240208-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6622-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6632-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6709-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7018-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20240125.txt"
        }
      ],
      "published": "2024-01-26T09:15:07+00:00",
      "updated": "2026-05-12T12:16:16+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any Python code. That assures that the vulnerable code path in the affected library is not reachable. The Python libraries are only used for diagnostics."
      }
    },
    {
      "id": "CVE-2024-10524",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
        }
      ],
      "cwes": [
        918
      ],
      "description": "Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-10524"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/11/18/6"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-10524"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778"
        },
        {
          "url": "https://github.com/advisories/GHSA-mqrm-h2pw-9j9r"
        },
        {
          "url": "https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability"
        },
        {
          "url": "https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10524"
        },
        {
          "url": "https://seclists.org/oss-sec/2024/q4/107"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250321-0007"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250321-0007/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
        }
      ],
      "published": "2024-11-19T15:15:06+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.19.5-12.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/wget@1.19.5-12.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2024-11053",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 3.4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-11053"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:1671"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-11053"
        },
        {
          "url": "https://bugzilla.redhat.com/2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/2339305"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339305"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-11053.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-11053.json"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21193"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21194"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21196"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21197"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21198"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21201"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21203"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21212"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21213"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21218"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21219"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21230"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21231"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21236"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21237"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21238"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21239"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21241"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21247"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21490"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21491"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21494"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21497"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21500"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21501"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21503"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21504"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21505"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21518"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21520"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21521"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21522"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21523"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21525"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21529"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21531"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21534"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21536"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21540"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21543"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21546"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21555"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21559"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-1671.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:1671"
        },
        {
          "url": "https://github.com/advisories/GHSA-h288-5fq8-5pfw"
        },
        {
          "url": "https://hackerone.com/reports/2829063"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-11053.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-1673.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0012"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0012/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0003"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0003/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0004"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7162-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL"
        }
      ],
      "published": "2024-12-11T08:15:05+00:00",
      "updated": "2025-11-03T21:16:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ]
    },
    {
      "id": "CVE-2024-13176",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        385
      ],
      "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-13176"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:16046"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-13176"
        },
        {
          "url": "https://bugzilla.redhat.com/2359885"
        },
        {
          "url": "https://bugzilla.redhat.com/2359888"
        },
        {
          "url": "https://bugzilla.redhat.com/2359892"
        },
        {
          "url": "https://bugzilla.redhat.com/2359894"
        },
        {
          "url": "https://bugzilla.redhat.com/2359895"
        },
        {
          "url": "https://bugzilla.redhat.com/2359899"
        },
        {
          "url": "https://bugzilla.redhat.com/2359900"
        },
        {
          "url": "https://bugzilla.redhat.com/2359902"
        },
        {
          "url": "https://bugzilla.redhat.com/2359903"
        },
        {
          "url": "https://bugzilla.redhat.com/2359911"
        },
        {
          "url": "https://bugzilla.redhat.com/2359918"
        },
        {
          "url": "https://bugzilla.redhat.com/2359920"
        },
        {
          "url": "https://bugzilla.redhat.com/2359924"
        },
        {
          "url": "https://bugzilla.redhat.com/2359928"
        },
        {
          "url": "https://bugzilla.redhat.com/2359930"
        },
        {
          "url": "https://bugzilla.redhat.com/2359932"
        },
        {
          "url": "https://bugzilla.redhat.com/2359934"
        },
        {
          "url": "https://bugzilla.redhat.com/2359938"
        },
        {
          "url": "https://bugzilla.redhat.com/2359940"
        },
        {
          "url": "https://bugzilla.redhat.com/2359943"
        },
        {
          "url": "https://bugzilla.redhat.com/2359944"
        },
        {
          "url": "https://bugzilla.redhat.com/2359945"
        },
        {
          "url": "https://bugzilla.redhat.com/2359947"
        },
        {
          "url": "https://bugzilla.redhat.com/2359950"
        },
        {
          "url": "https://bugzilla.redhat.com/2359963"
        },
        {
          "url": "https://bugzilla.redhat.com/2359964"
        },
        {
          "url": "https://bugzilla.redhat.com/2359972"
        },
        {
          "url": "https://bugzilla.redhat.com/2370920"
        },
        {
          "url": "https://bugzilla.redhat.com/2380264"
        },
        {
          "url": "https://bugzilla.redhat.com/2380273"
        },
        {
          "url": "https://bugzilla.redhat.com/2380274"
        },
        {
          "url": "https://bugzilla.redhat.com/2380278"
        },
        {
          "url": "https://bugzilla.redhat.com/2380280"
        },
        {
          "url": "https://bugzilla.redhat.com/2380283"
        },
        {
          "url": "https://bugzilla.redhat.com/2380284"
        },
        {
          "url": "https://bugzilla.redhat.com/2380290"
        },
        {
          "url": "https://bugzilla.redhat.com/2380291"
        },
        {
          "url": "https://bugzilla.redhat.com/2380295"
        },
        {
          "url": "https://bugzilla.redhat.com/2380298"
        },
        {
          "url": "https://bugzilla.redhat.com/2380306"
        },
        {
          "url": "https://bugzilla.redhat.com/2380308"
        },
        {
          "url": "https://bugzilla.redhat.com/2380309"
        },
        {
          "url": "https://bugzilla.redhat.com/2380310"
        },
        {
          "url": "https://bugzilla.redhat.com/2380312"
        },
        {
          "url": "https://bugzilla.redhat.com/2380313"
        },
        {
          "url": "https://bugzilla.redhat.com/2380320"
        },
        {
          "url": "https://bugzilla.redhat.com/2380321"
        },
        {
          "url": "https://bugzilla.redhat.com/2380322"
        },
        {
          "url": "https://bugzilla.redhat.com/2380326"
        },
        {
          "url": "https://bugzilla.redhat.com/2380327"
        },
        {
          "url": "https://bugzilla.redhat.com/2380334"
        },
        {
          "url": "https://bugzilla.redhat.com/2380335"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359885"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359892"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359894"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359895"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359899"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359900"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359902"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359903"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359911"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359918"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359920"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359924"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359928"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359930"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359934"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359938"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359940"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359943"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359944"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359945"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359947"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359950"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359963"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359964"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359972"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370920"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380264"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380273"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380274"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380278"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380280"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380283"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380284"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380290"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380291"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380295"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380298"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380306"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380308"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380309"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380310"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380312"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380313"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380320"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380321"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380322"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380326"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380327"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380334"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380335"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-16046.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:15699"
        },
        {
          "url": "https://github.com/advisories/GHSA-r9fv-h47r-823f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-13176.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-16046.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20250120.txt"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0005"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0005/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250418-0010"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250418-0010/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250502-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7264-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7278-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL"
        }
      ],
      "published": "2025-01-20T14:15:26+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ]
    },
    {
      "id": "CVE-2024-2236",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        385
      ],
      "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-2236"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:9404"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:3530"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:3534"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-2236"
        },
        {
          "url": "https://bugzilla.redhat.com/2245218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268268"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236"
        },
        {
          "url": "https://dev.gnupg.org/T7136"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-9404.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:9404"
        },
        {
          "url": "https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt"
        },
        {
          "url": "https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-2236.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-9404.html"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
        }
      ],
      "published": "2024-03-06T22:15:57+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.8.5-7.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-2511",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        1325
      ],
      "description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-2511"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/08/5"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:9333"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-2511"
        },
        {
          "url": "https://bugzilla.redhat.com/2274020"
        },
        {
          "url": "https://bugzilla.redhat.com/2281029"
        },
        {
          "url": "https://bugzilla.redhat.com/2283757"
        },
        {
          "url": "https://bugzilla.redhat.com/2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274020"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281029"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283757"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4603"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-9333.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:9333"
        },
        {
          "url": "https://github.com/advisories/GHSA-299c-jvhc-gxj8"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-2511.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-9333.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240503-0013"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240503-0013/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6937-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20240408.txt"
        },
        {
          "url": "https://www.openssl.org/news/vulnerabilities.html"
        }
      ],
      "published": "2024-04-08T14:15:07+00:00",
      "updated": "2026-05-12T12:16:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-25260",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-25260"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-25260"
        },
        {
          "url": "https://github.com/schsiung/fuzzer_issues/issues/1"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25260"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=31058"
        },
        {
          "url": "https://sourceware.org/elfutils/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7369-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
        }
      ],
      "published": "2024-02-20T18:15:52+00:00",
      "updated": "2025-04-25T20:42:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.190-2.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.190-2.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.190-2.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.190-2.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/elfutils-libs@0.190-2.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-33655",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        400
      ],
      "description": "The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the \"DNSBomb\" issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-33655"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18931"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-33655"
        },
        {
          "url": "https://alas.aws.amazon.com/ALAS-2024-1934.html"
        },
        {
          "url": "https://bugzilla.redhat.com/2279942"
        },
        {
          "url": "https://bugzilla.redhat.com/2405706"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279942"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405706"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33655"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411"
        },
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc1035"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18931.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18556"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de"
        },
        {
          "url": "https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120"
        },
        {
          "url": "https://gitlab.isc.org/isc-projects/bind9/-/issues/4398"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/"
        },
        {
          "url": "https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/"
        },
        {
          "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt"
        },
        {
          "url": "https://nlnetlabs.nl/projects/unbound/security-advisories/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33655"
        },
        {
          "url": "https://sp2024.ieee-security.org/accepted-papers.html"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6791-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33655"
        },
        {
          "url": "https://www.isc.org/blogs/2024-dnsbomb/"
        },
        {
          "url": "https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/"
        }
      ],
      "published": "2024-06-06T17:15:51+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-34459",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        122
      ],
      "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-34459"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-34459"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7240-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7302-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
        }
      ],
      "published": "2024-05-14T15:39:11+00:00",
      "updated": "2025-11-04T22:16:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform\u00a0 is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-41996",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        295
      ],
      "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-41996"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-41996"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
        },
        {
          "url": "https://dheatattack.gitlab.io/details/"
        },
        {
          "url": "https://dheatattack.gitlab.io/faq/"
        },
        {
          "url": "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1"
        },
        {
          "url": "https://github.com/openssl/openssl/issues/17374"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996"
        },
        {
          "url": "https://openssl-library.org/post/2022-10-21-tls-groups-configuration/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
        }
      ],
      "published": "2024-08-26T06:15:04+00:00",
      "updated": "2026-05-12T12:17:03+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent                  Platform does not invoke any binaries present in the container. That                 assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-43167",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-43167"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/08/16/6"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-43167"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303456"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/issues/1072"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/pull/1073"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/pull/1073/files"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43167"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6998-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
        }
      ],
      "published": "2024-08-12T13:38:35+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-43168",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        122
      ],
      "description": "DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-43168"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-43168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303462"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/issues/1039"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/pull/1040"
        },
        {
          "url": "https://github.com/NLnetLabs/unbound/pull/1040/files"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43168"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6998-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
        }
      ],
      "published": "2024-08-12T13:38:36+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-4741",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.6,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        416
      ],
      "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-4741"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:9333"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-4741"
        },
        {
          "url": "https://bugzilla.redhat.com/2274020"
        },
        {
          "url": "https://bugzilla.redhat.com/2281029"
        },
        {
          "url": "https://bugzilla.redhat.com/2283757"
        },
        {
          "url": "https://bugzilla.redhat.com/2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274020"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281029"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283757"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4603"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-9333.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:9333"
        },
        {
          "url": "https://github.com/advisories/GHSA-6vgq-8qjq-h578"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-4741.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-9333.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4741"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0004"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0004/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6937-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20240528.txt"
        }
      ],
      "published": "2024-11-13T11:15:04+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-56433",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.6,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        1188
      ],
      "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-56433"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:20559"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-56433"
        },
        {
          "url": "https://bugzilla.redhat.com/2334165"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334165"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-20559.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:20145"
        },
        {
          "url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
        },
        {
          "url": "https://github.com/shadow-maint/shadow/issues/1157"
        },
        {
          "url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-56433.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-20559-0.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
        }
      ],
      "published": "2024-12-26T09:15:07+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:4.6-23.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2024-57970",
      "ratings": [
        {
          "source": {
            "name": "julia"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        126
      ],
      "description": "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-57970"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-57970"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345954"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57970"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:7510"
        },
        {
          "url": "https://github.com/advisories/GHSA-2q66-6w43-8rm9"
        },
        {
          "url": "https://github.com/libarchive/libarchive/issues/2415"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2422"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-57970.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-7510.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57970"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
        }
      ],
      "published": "2025-02-16T04:15:21+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2024-7264",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-7264"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:1671"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-7264"
        },
        {
          "url": "https://bugzilla.redhat.com/2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/2339305"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339305"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-7264.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-7264.json"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21193"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21194"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21196"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21197"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21198"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21201"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21203"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21212"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21213"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21218"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21219"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21230"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21231"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21236"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21237"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21238"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21239"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21241"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21247"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21490"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21491"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21494"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21497"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21500"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21501"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21503"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21504"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21505"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21518"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21520"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21521"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21522"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21523"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21525"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21529"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21531"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21534"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21536"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21540"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21543"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21546"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21555"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21559"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-1671.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:1671"
        },
        {
          "url": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"
        },
        {
          "url": "https://hackerone.com/reports/2629968"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-7264.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-1673.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240828-0008/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241025-0006/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241025-0010/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6944-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6944-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL"
        }
      ],
      "published": "2024-07-31T08:15:02+00:00",
      "updated": "2025-11-03T23:17:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2024-7592",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        400,
        1333
      ],
      "description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-7592"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:3634"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-7592"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305879"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-3634.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:3634"
        },
        {
          "url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621"
        },
        {
          "url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef"
        },
        {
          "url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06"
        },
        {
          "url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a"
        },
        {
          "url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f"
        },
        {
          "url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774"
        },
        {
          "url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1"
        },
        {
          "url": "https://github.com/python/cpython/issues/123067"
        },
        {
          "url": "https://github.com/python/cpython/pull/123075"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-7592.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-3634.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7592"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241018-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7015-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7015-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
        }
      ],
      "published": "2024-08-19T19:15:08+00:00",
      "updated": "2025-11-03T23:17:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4",
          "versions": [
            {
              "version": "50.3.2-7.module+el8.10.0+23406+03055bfb",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Temurin JVM binary is not linked against freetype library:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\nlinux-vdso.so.1 (0x0000ffff8cd00000)\nlibjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\nlibpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\nlibdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\nlibc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n/lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-11411",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        349
      ],
      "description": "NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-11411"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/11/26/4"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18931"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-11411"
        },
        {
          "url": "https://bugzilla.redhat.com/2279942"
        },
        {
          "url": "https://bugzilla.redhat.com/2405706"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279942"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405706"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33655"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18931.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18556"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html"
        },
        {
          "url": "https://nlnetlabs.nl/news/2025/Nov/26/unbound-1.24.2-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11411"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7855-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7855-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt"
        }
      ],
      "published": "2025-10-22T13:15:29+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-11468",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-11468"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-11468"
        },
        {
          "url": "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094"
        },
        {
          "url": "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2"
        },
        {
          "url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6"
        },
        {
          "url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66"
        },
        {
          "url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0"
        },
        {
          "url": "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796"
        },
        {
          "url": "https://github.com/python/cpython/issues/143935"
        },
        {
          "url": "https://github.com/python/cpython/pull/143936"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11468"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
        }
      ],
      "published": "2026-01-20T22:15:50+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-11961",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 1.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        122,
        126
      ],
      "description": "pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer.  The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented.  If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-11961"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-11961"
        },
        {
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11961"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11961"
        }
      ],
      "published": "2025-12-31T01:15:54+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14",
          "versions": [
            {
              "version": "14:1.9.1-5.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libpcap@1.9.1-5.el8?arch=x86_64&distro=redhat-8.10&epoch=14"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-12781",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        704
      ],
      "description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\n\n\n\n\nThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\n\n\n\n\nThe attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python.\u00a0Users are recommended to mitigate by verifying user-controlled inputs match the base64 \nalphabet they are expecting or verify that their application would not be \naffected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-12781"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-12781"
        },
        {
          "url": "https://github.com/python/cpython/commit/13360efd385d1a7d0659beba03787ea3d063ef9b"
        },
        {
          "url": "https://github.com/python/cpython/commit/1be80bec7960f5ccd059e75f3dfbd45fca302947"
        },
        {
          "url": "https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5"
        },
        {
          "url": "https://github.com/python/cpython/commit/e95e783dff443b68e8179fdb57737025bf02ba76"
        },
        {
          "url": "https://github.com/python/cpython/commit/fd17ee026fa9b67f6288cbafe374a3e479fe03a5"
        },
        {
          "url": "https://github.com/python/cpython/issues/125346"
        },
        {
          "url": "https://github.com/python/cpython/pull/141128"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12781"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12781"
        }
      ],
      "published": "2026-01-21T20:16:04+00:00",
      "updated": "2026-02-02T17:25:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-13034",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        295
      ],
      "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-13034"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-13034"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-13034.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-13034.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-9r76-qj98-jfhc"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
        }
      ],
      "published": "2026-01-08T10:15:45+00:00",
      "updated": "2026-01-20T14:54:02+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-13151",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-13151"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/08/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-13151"
        },
        {
          "url": "https://gitlab.com/gnutls/libtasn1"
        },
        {
          "url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7954-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7954-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/271649"
        }
      ],
      "published": "2026-01-07T22:15:43+00:00",
      "updated": "2026-02-02T19:27:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.13-5.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-13837",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-13837"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-13837"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
        },
        {
          "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
        },
        {
          "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
        },
        {
          "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
        },
        {
          "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
        },
        {
          "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
        },
        {
          "url": "https://github.com/python/cpython/issues/119342"
        },
        {
          "url": "https://github.com/python/cpython/pull/119343"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-13837.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
        }
      ],
      "published": "2025-12-01T18:16:04+00:00",
      "updated": "2026-03-03T15:16:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-14017",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14017"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/3"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14017"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14017.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14017.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-jh4h-2cg6-889h"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
        }
      ],
      "published": "2026-01-08T10:15:45+00:00",
      "updated": "2026-01-27T21:29:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-14087",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
      "recommendation": "Upgrade glib2 to version 2.56.4-169.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14087"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15953"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15969"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15971"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19148"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19361"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19452"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19457"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19459"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19460"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19523"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19524"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19565"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19566"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19567"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:21275"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:22634"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14087"
        },
        {
          "url": "https://bugzilla.redhat.com/2419093"
        },
        {
          "url": "https://bugzilla.redhat.com/2421339"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19361.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19148"
        },
        {
          "url": "https://github.com/advisories/GHSA-frh9-7wfp-w73p"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4934"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-14087.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-15971.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
        }
      ],
      "published": "2025-12-10T09:15:47+00:00",
      "updated": "2026-06-02T20:16:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-14512",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
      "recommendation": "Upgrade glib2 to version 2.56.4-169.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14512"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15953"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15969"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15971"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19148"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19361"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19452"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19457"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19459"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19460"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19523"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19524"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19565"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19567"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:21275"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:22634"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14512"
        },
        {
          "url": "https://bugzilla.redhat.com/2419093"
        },
        {
          "url": "https://bugzilla.redhat.com/2421339"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19361.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19148"
        },
        {
          "url": "https://github.com/advisories/GHSA-2p5v-p767-wqv5"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4936"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-14512.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-15971.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
        }
      ],
      "published": "2025-12-11T07:16:00+00:00",
      "updated": "2026-06-02T20:16:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-14524",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        601
      ],
      "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14524"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/4"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14524"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14524.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14524.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-g897-jvjx-78vg"
        },
        {
          "url": "https://hackerone.com/reports/3459417"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
        }
      ],
      "published": "2026-01-08T10:15:46+00:00",
      "updated": "2026-01-20T14:53:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-15079",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        297
      ],
      "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15079"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/6"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15079"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15079.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15079.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-7q9p-cx8r-rh2q"
        },
        {
          "url": "https://hackerone.com/reports/3477116"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
        }
      ],
      "published": "2026-01-08T10:15:47+00:00",
      "updated": "2026-01-20T14:50:24+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2025-15224",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        287
      ],
      "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15224"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/7"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15224"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15224.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15224.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-hccr-q52r-4w88"
        },
        {
          "url": "https://hackerone.com/reports/3480925"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
        }
      ],
      "published": "2026-01-08T10:15:47+00:00",
      "updated": "2026-01-20T14:47:52+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-15282",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15282"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15282"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0"
        },
        {
          "url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38"
        },
        {
          "url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80"
        },
        {
          "url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47"
        },
        {
          "url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a"
        },
        {
          "url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f"
        },
        {
          "url": "https://github.com/python/cpython/issues/143925"
        },
        {
          "url": "https://github.com/python/cpython/pull/143926"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-15282.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-3"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
        }
      ],
      "published": "2026-01-20T22:15:50+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-15468",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15468"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15468"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-rhx3-fg8p-f9m4"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-15468.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
        }
      ],
      "published": "2026-01-27T16:16:14+00:00",
      "updated": "2026-02-02T18:38:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-15469",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        347
      ],
      "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15469"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15469"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-v2vr-926q-29fr"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-15469.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
        }
      ],
      "published": "2026-01-27T16:16:14+00:00",
      "updated": "2026-02-02T18:37:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-1632",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        404,
        476
      ],
      "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1632"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1632"
        },
        {
          "url": "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7454-1"
        },
        {
          "url": "https://vuldb.com/?ctiid.296619"
        },
        {
          "url": "https://vuldb.com/?id.296619"
        },
        {
          "url": "https://vuldb.com/?submit.496460"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
        }
      ],
      "published": "2025-02-24T14:15:11+00:00",
      "updated": "2025-03-25T15:41:41+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-1795",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        116
      ],
      "description": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1795"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1795"
        },
        {
          "url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48"
        },
        {
          "url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593"
        },
        {
          "url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74"
        },
        {
          "url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d"
        },
        {
          "url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090"
        },
        {
          "url": "https://github.com/python/cpython/issues/100884"
        },
        {
          "url": "https://github.com/python/cpython/pull/100885"
        },
        {
          "url": "https://github.com/python/cpython/pull/119099"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1795"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7570-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
        }
      ],
      "published": "2025-02-28T19:15:36+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1",
          "versions": [
            {
              "version": "20.2.4-9.module+el8.10.0+21329+8d76b841",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4",
          "versions": [
            {
              "version": "50.3.2-7.module+el8.10.0+23406+03055bfb",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4",
          "versions": [
            {
              "version": "3.9.25-2.module+el8.10.0+23718+1842ae33",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-libs@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip-wheel@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-pip@20.2.4-9.module%2Bel8.10.0%2B21329%2B8d76b841?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020240214182535%3A7044f6c1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39-setuptools-wheel@50.3.2-7.module%2Bel8.10.0%2B23406%2B03055bfb?arch=noarch&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020250806092742%3Ad47b87a4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python39@3.9.25-2.module%2Bel8.10.0%2B23718%2B1842ae33?arch=x86_64&distro=redhat-8.10&modularitylabel=python39%3A3.9%3A8100020251126112422%3Ad47b87a4"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-25724",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        252
      ],
      "description": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-25724"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:9431"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-25724"
        },
        {
          "url": "https://bugzilla.redhat.com/2349221"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25724"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-9431.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:9420"
        },
        {
          "url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
        },
        {
          "url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
        },
        {
          "url": "https://github.com/advisories/GHSA-722w-734r-qg74"
        },
        {
          "url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-25724.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-9431.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7454-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
        }
      ],
      "published": "2025-03-02T02:15:36+00:00",
      "updated": "2025-07-17T15:56:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-27113",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-27113"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/12"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/13"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/4"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-27113"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250306-0004/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7302-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/02/18/2"
        }
      ],
      "published": "2025-02-18T23:15:10+00:00",
      "updated": "2025-11-03T22:18:43+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-30258",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        754
      ],
      "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-30258"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-30258"
        },
        {
          "url": "https://dev.gnupg.org/T7527"
        },
        {
          "url": "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7412-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7412-3"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
        }
      ],
      "published": "2025-03-19T20:15:20+00:00",
      "updated": "2025-10-16T16:53:07+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.2.20-4.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-3360",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-3360"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-3360"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357754"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
        }
      ],
      "published": "2025-04-07T13:15:43+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-4516",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-4516"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/16/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/19/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:23530"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-4516"
        },
        {
          "url": "https://bugzilla.redhat.com/2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/2321440"
        },
        {
          "url": "https://bugzilla.redhat.com/2325776"
        },
        {
          "url": "https://bugzilla.redhat.com/2343237"
        },
        {
          "url": "https://bugzilla.redhat.com/2366509"
        },
        {
          "url": "https://bugzilla.redhat.com/2370010"
        },
        {
          "url": "https://bugzilla.redhat.com/2370014"
        },
        {
          "url": "https://bugzilla.redhat.com/2370016"
        },
        {
          "url": "https://bugzilla.redhat.com/2372426"
        },
        {
          "url": "https://bugzilla.redhat.com/2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321440"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325776"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366509"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11168"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4138"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4330"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4435"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4517"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2025-23530.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:23530"
        },
        {
          "url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"
        },
        {
          "url": "https://github.com/python/cpython/commit/5646648678295a44aa82636c6e92826651baf33a"
        },
        {
          "url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"
        },
        {
          "url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"
        },
        {
          "url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"
        },
        {
          "url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"
        },
        {
          "url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
        },
        {
          "url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
        },
        {
          "url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"
        },
        {
          "url": "https://github.com/python/cpython/issues/133767"
        },
        {
          "url": "https://github.com/python/cpython/pull/129648"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-4516.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-23530.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4516"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7570-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
        }
      ],
      "published": "2025-05-15T14:15:31+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-45582",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        24
      ],
      "description": "GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of \"Member name contains '..'\" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain \"x -> ../../../../../home/victim/.ssh\" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which \"tar xf\" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each \"tar xf\" in its Security Rules of Thumb; however, third-party advice leads users to run \"tar xf\" more than once into the same directory.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-45582"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/11/01/6"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:0067"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
        },
        {
          "url": "https://bugzilla.redhat.com/2379592"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45582"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-0067.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:0002"
        },
        {
          "url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-45582.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-0067.html"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
        },
        {
          "url": "https://www.gnu.org/software/tar/"
        },
        {
          "url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html"
        },
        {
          "url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
        },
        {
          "url": "https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html"
        }
      ],
      "published": "2025-07-11T17:15:37+00:00",
      "updated": "2025-11-02T01:15:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-4598",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        364
      ],
      "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-4598"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Jun/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/06/05/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/06/05/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/08/18/3"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:22660"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:22868"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:23227"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:23234"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:0414"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1652"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18153"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-4598"
        },
        {
          "url": "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598"
        },
        {
          "url": "https://bugzilla.redhat.com/2369242"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
        },
        {
          "url": "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-22660.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18153"
        },
        {
          "url": "https://git.kernel.org/linus/b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/0c49e0049b7665bb7769a13ef346fef92e1ad4d6"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/13902e025321242b1d95c6d8b4e482b37f58cdef"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/49f1f2d4a7612bbed5211a73d11d6a94fbe3bb69"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/76e0ab49c47965877c19772a2b3bf55f6417ca39"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/868d95577ec9f862580ad365726515459be582fc"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/8fc7b2a211eb13ef1a94250b28e1c79cab8bdcb9"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/9ce8e3e449def92c75ada41b7d10c5bc3946be77"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/e6a8687b939ab21854f12f59a3cce703e32768cf"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-4598.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-22660.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7559-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/08/18/3"
        },
        {
          "url": "https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt"
        }
      ],
      "published": "2025-05-30T14:15:23+00:00",
      "updated": "2026-05-19T16:16:18+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-47268",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        190
      ],
      "description": "ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-47268"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:9432"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-47268"
        },
        {
          "url": "https://bugzilla.redhat.com/2364090"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364090"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1242300"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47268"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-9432.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:9421"
        },
        {
          "url": "https://github.com/Zephkek/ping-rtt-overflow/"
        },
        {
          "url": "https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40"
        },
        {
          "url": "https://github.com/iputils/iputils/issues/584"
        },
        {
          "url": "https://github.com/iputils/iputils/pull/585"
        },
        {
          "url": "https://github.com/iputils/iputils/releases/tag/20250602"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-47268.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-9432.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47268"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7670-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
        }
      ],
      "published": "2025-05-05T14:15:29+00:00",
      "updated": "2026-04-06T14:12:20+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "20180629-11.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-4878",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.6,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-4878"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-4878"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4877"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4878"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5351"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8114"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8277"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18683"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4878"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7619-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7696-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2025-4878.txt"
        }
      ],
      "published": "2025-07-22T15:15:36+00:00",
      "updated": "2026-05-19T14:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-48964",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        190
      ],
      "description": "ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-48964"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:17558"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-48964"
        },
        {
          "url": "https://bugzilla.redhat.com/2382657"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382657"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1243772"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48964"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-17558.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18162"
        },
        {
          "url": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
          "url": "https://github.com/iputils/iputils/issues"
        },
        {
          "url": "https://github.com/iputils/iputils/releases/tag/20250602"
        },
        {
          "url": "https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-48964.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-17558.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48964"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7670-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
        }
      ],
      "published": "2025-07-22T18:15:36+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "20180629-11.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/iputils@20180629-11.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-50181",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        601
      ],
      "description": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-50181"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-50181"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7599-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7599-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        }
      ],
      "published": "2025-06-19T01:15:24+00:00",
      "updated": "2025-12-22T19:15:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        }
      ]
    },
    {
      "id": "CVE-2025-50182",
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        601
      ],
      "description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-50182"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-50182"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50182"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7599-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        }
      ],
      "published": "2025-06-19T02:15:17+00:00",
      "updated": "2025-12-22T19:15:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-5278",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"
        }
      ],
      "cwes": [
        121
      ],
      "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5278"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/27/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/29/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/29/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5278"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
        },
        {
          "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
        },
        {
          "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14"
        },
        {
          "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2025-5278"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
        }
      ],
      "published": "2025-05-27T21:15:23+00:00",
      "updated": "2026-05-19T17:16:21+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "8.30-17.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5351",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        415
      ],
      "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5351"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5351"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4877"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4878"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5351"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8114"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8277"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18683"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5351"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7619-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2025-5351.txt"
        }
      ],
      "published": "2025-07-04T09:15:37+00:00",
      "updated": "2026-05-19T14:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5915",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.6,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        122
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5915"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5915"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370865"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2599"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7601-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
        }
      ],
      "published": "2025-06-09T20:15:26+00:00",
      "updated": "2026-01-08T04:15:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5916",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5916"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5916"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370872"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2568"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2568/commits/bce70c4c26864df2a8d6953e7db6e4b156253508"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7601-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
        }
      ],
      "published": "2025-06-09T20:15:27+00:00",
      "updated": "2025-12-12T01:15:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5917",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5917"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5917"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370874"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2588"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7601-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
        }
      ],
      "published": "2025-06-09T20:15:27+00:00",
      "updated": "2025-12-12T01:15:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5918",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        125
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5918"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5918"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370877"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2584"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
        }
      ],
      "published": "2025-06-09T20:15:27+00:00",
      "updated": "2025-08-15T18:35:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-6069",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1333
      ],
      "description": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-6069"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:23342"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
        },
        {
          "url": "https://bugzilla.redhat.com/2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-23342.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:23342"
        },
        {
          "url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
        },
        {
          "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
        },
        {
          "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
        },
        {
          "url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49"
        },
        {
          "url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5"
        },
        {
          "url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
        },
        {
          "url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc"
        },
        {
          "url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15"
        },
        {
          "url": "https://github.com/python/cpython/issues/135462"
        },
        {
          "url": "https://github.com/python/cpython/pull/135464"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-6069.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-23530.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7710-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        }
      ],
      "published": "2025-06-17T14:15:33+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-6075",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "If the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-6075"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"
        },
        {
          "url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"
        },
        {
          "url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"
        },
        {
          "url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"
        },
        {
          "url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"
        },
        {
          "url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"
        },
        {
          "url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"
        },
        {
          "url": "https://github.com/python/cpython/issues/136065"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-6075.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7886-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7886-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
        }
      ],
      "published": "2025-10-31T17:15:48+00:00",
      "updated": "2026-02-04T19:05:15+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-60753",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        400,
        835
      ],
      "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-60753"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-60753"
        },
        {
          "url": "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753"
        },
        {
          "url": "https://github.com/libarchive/libarchive/issues/2725"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
        }
      ],
      "published": "2025-11-05T16:15:40+00:00",
      "updated": "2026-02-04T21:19:45+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-6170",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        121
      ],
      "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-6170"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-6170"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372952"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7694-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
        }
      ],
      "published": "2025-06-16T16:15:20+00:00",
      "updated": "2026-06-02T14:16:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-64118",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        362,
        367
      ],
      "description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-64118"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-64118"
        },
        {
          "url": "https://github.com/isaacs/node-tar"
        },
        {
          "url": "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d"
        },
        {
          "url": "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9"
        },
        {
          "url": "https://github.com/isaacs/node-tar/issues/445"
        },
        {
          "url": "https://github.com/isaacs/node-tar/pull/446"
        },
        {
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64118"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64118"
        }
      ],
      "published": "2025-10-30T18:15:33+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-66382",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        407
      ],
      "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-66382"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/12/02/1"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-66382"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://github.com/libexpat/libexpat/issues/1076"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
        }
      ],
      "published": "2025-11-28T07:15:57+00:00",
      "updated": "2026-06-02T14:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-68160",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-68160"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-68160"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-g78j-46j5-97cr"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-68160.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        }
      ],
      "published": "2026-01-27T16:16:15+00:00",
      "updated": "2026-05-12T13:17:24+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-68972",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        347
      ],
      "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-68972"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-68972"
        },
        {
          "url": "https://github.com/advisories/GHSA-w789-3q45-984r"
        },
        {
          "url": "https://gpg.fail/formfeed"
        },
        {
          "url": "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"
        },
        {
          "url": "https://news.ycombinator.com/item?id=46404339"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68972"
        }
      ],
      "published": "2025-12-27T23:15:40+00:00",
      "updated": "2026-01-09T20:08:47+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.2.20-4.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-69418",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        325
      ],
      "description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-69418"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-69418"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-78qr-24v5-7q73"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-69418.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
        }
      ],
      "published": "2026-01-27T16:16:33+00:00",
      "updated": "2026-05-12T13:17:24+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-69420",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        754
      ],
      "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-69420"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-69420"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-w42r-ph9f-9x66"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-69420.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
        }
      ],
      "published": "2026-01-27T16:16:34+00:00",
      "updated": "2026-05-12T13:17:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-69421",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-69421"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-69421"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-69421.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
        }
      ],
      "published": "2026-01-27T16:16:34+00:00",
      "updated": "2026-05-12T13:17:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-7039",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        22
      ],
      "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-7039"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-7039"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392423"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3716"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
        }
      ],
      "published": "2025-09-03T02:15:38+00:00",
      "updated": "2026-06-02T14:16:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-70873",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "cwes": [
        244
      ],
      "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-70873"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-70873"
        },
        {
          "url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873"
        },
        {
          "url": "https://sqlite.org/forum/forumpost/761eac3c82"
        },
        {
          "url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-70873"
        }
      ],
      "published": "2026-03-12T19:16:15+00:00",
      "updated": "2026-04-16T21:15:47+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.26.0-20.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-8114",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-8114"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-8114"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4877"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4878"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5351"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8114"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8277"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18683"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8114"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7849-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2025-8114.txt"
        }
      ],
      "published": "2025-07-24T15:15:27+00:00",
      "updated": "2026-05-19T14:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-8277",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        401
      ],
      "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-8277"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-8277"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4877"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4878"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5351"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8114"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8277"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18683"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8277"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2025-8277.txt"
        }
      ],
      "published": "2025-09-09T12:15:30+00:00",
      "updated": "2026-05-19T14:16:29+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-8291",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1285
      ],
      "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-8291"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:23342"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
        },
        {
          "url": "https://bugzilla.redhat.com/2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-23342.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:23940"
        },
        {
          "url": "https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p"
        },
        {
          "url": "https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json"
        },
        {
          "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
        },
        {
          "url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"
        },
        {
          "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
        },
        {
          "url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"
        },
        {
          "url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"
        },
        {
          "url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"
        },
        {
          "url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"
        },
        {
          "url": "https://github.com/python/cpython/issues/139700"
        },
        {
          "url": "https://github.com/python/cpython/pull/139702"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-8291.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-0123.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7886-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7886-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        }
      ],
      "published": "2025-10-07T18:16:00+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0672",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0672"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0672"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172"
        },
        {
          "url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440"
        },
        {
          "url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d"
        },
        {
          "url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca"
        },
        {
          "url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70"
        },
        {
          "url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85"
        },
        {
          "url": "https://github.com/python/cpython/issues/143919"
        },
        {
          "url": "https://github.com/python/cpython/pull/143920"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-0672.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0672"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-3"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
        }
      ],
      "published": "2026-01-20T22:15:52+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0964",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        22
      ],
      "description": "A malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0964"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18160"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0964"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18160"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0964"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0964"
        },
        {
          "url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2026-0964.txt"
        }
      ],
      "published": "2026-03-26T21:17:00+00:00",
      "updated": "2026-05-19T14:16:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0965",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        73
      ],
      "description": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0965"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18160"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0965"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18160"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0965"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2026-0965.txt"
        }
      ],
      "published": "2026-03-26T21:17:00+00:00",
      "updated": "2026-05-19T14:16:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0966",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.2,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        124
      ],
      "description": "A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0966"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18160"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7067"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0966"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18160"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0966"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0966"
        },
        {
          "url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2026-0966.txt"
        }
      ],
      "published": "2026-03-26T21:17:00+00:00",
      "updated": "2026-05-19T14:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0967",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.2,
          "severity": "low",
          "method": "CVSSv3",
          "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1333
      ],
      "description": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0967"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18160"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0967"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18160"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0967"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
        },
        {
          "url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2026-0967.txt"
        }
      ],
      "published": "2026-03-26T21:17:00+00:00",
      "updated": "2026-05-19T14:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0968",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0968"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18160"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0968"
        },
        {
          "url": "https://bugzilla.redhat.com/2369367"
        },
        {
          "url": "https://bugzilla.redhat.com/2376184"
        },
        {
          "url": "https://bugzilla.redhat.com/2376193"
        },
        {
          "url": "https://bugzilla.redhat.com/2383220"
        },
        {
          "url": "https://bugzilla.redhat.com/2383888"
        },
        {
          "url": "https://bugzilla.redhat.com/2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/2436982"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436981"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436982"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0964"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0965"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0966"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0967"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0968"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-18683.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:18160"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0968"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8051-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
        },
        {
          "url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2026-0968.txt"
        }
      ],
      "published": "2026-03-26T21:17:01+00:00",
      "updated": "2026-05-19T14:16:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0988",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0988"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0988"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429886"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3851"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7971-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
        }
      ],
      "published": "2026-01-21T12:15:55+00:00",
      "updated": "2026-04-24T21:16:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0989",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        674
      ],
      "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0989"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0989"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429933"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7974-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
        }
      ],
      "published": "2026-01-15T15:15:52+00:00",
      "updated": "2026-04-22T10:16:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0990",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        674
      ],
      "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0990"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0990"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429959"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7974-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
        }
      ],
      "published": "2026-01-15T15:15:52+00:00",
      "updated": "2026-04-22T10:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0992",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0992"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0992"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429975"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7974-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
        }
      ],
      "published": "2026-01-15T15:15:52+00:00",
      "updated": "2026-04-22T10:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1484",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1484"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1484"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433259"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3870"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8017-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
        }
      ],
      "published": "2026-01-27T14:15:56+00:00",
      "updated": "2026-06-02T14:16:45+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1485",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        124
      ],
      "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1485"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1485"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433325"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3871"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8017-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
        }
      ],
      "published": "2026-01-27T14:15:56+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1489",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1489"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1489"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433348"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3872"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8017-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
        }
      ],
      "published": "2026-01-27T15:15:57+00:00",
      "updated": "2026-06-02T14:16:45+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.56.4-168.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1502",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        93
      ],
      "description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1502"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/11/4"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1502"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
        },
        {
          "url": "https://github.com/python/cpython/commit/9e071c9b28c17f347f81b388a003d4eeb3c7a8dd"
        },
        {
          "url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed"
        },
        {
          "url": "https://github.com/python/cpython/commit/c00c386faa579ad71196d33408644478488e43ec"
        },
        {
          "url": "https://github.com/python/cpython/issues/146211"
        },
        {
          "url": "https://github.com/python/cpython/pull/146212"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-1502.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
        }
      ],
      "published": "2026-04-10T18:16:40+00:00",
      "updated": "2026-06-04T15:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1757",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        401
      ],
      "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1757"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1757"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435940"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1757"
        }
      ],
      "published": "2026-02-02T13:15:58+00:00",
      "updated": "2026-04-22T10:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1965",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        305
      ],
      "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1965"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1965"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-1965.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-1965.json"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
        }
      ],
      "published": "2026-03-11T11:15:59+00:00",
      "updated": "2026-03-12T14:11:19+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-22185",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125,
        191
      ],
      "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-22185"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-22185"
        },
        {
          "url": "https://bugs.openldap.org/show_bug.cgi?id=10421"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185"
        },
        {
          "url": "https://seclists.org/fulldisclosure/2026/Jan/5"
        },
        {
          "url": "https://seclists.org/fulldisclosure/2026/Jan/8"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22185"
        },
        {
          "url": "https://www.openldap.org/"
        },
        {
          "url": "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
        }
      ],
      "published": "2026-01-07T21:16:01+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.4.46-21.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-22795",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        754
      ],
      "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-22795"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-22795"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-3vqq-45qg-2xf6"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-22795.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
        }
      ],
      "published": "2026-01-27T16:16:35+00:00",
      "updated": "2026-05-12T13:17:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-22796",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        754
      ],
      "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-22796"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:1473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-22796"
        },
        {
          "url": "https://bugzilla.redhat.com/2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/2430390"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-1473.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:1472"
        },
        {
          "url": "https://github.com/advisories/GHSA-r9hf-rxjm-gv2f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-22796.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7980-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
        }
      ],
      "published": "2026-01-27T16:16:35+00:00",
      "updated": "2026-05-12T13:17:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-2297",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        668
      ],
      "description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-2297"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/05/6"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-2297"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
        },
        {
          "url": "https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9"
        },
        {
          "url": "https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd"
        },
        {
          "url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
        },
        {
          "url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
        },
        {
          "url": "https://github.com/python/cpython/issues/145506"
        },
        {
          "url": "https://github.com/python/cpython/pull/145507"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-2297.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
        }
      ],
      "published": "2026-03-04T23:16:10+00:00",
      "updated": "2026-05-01T16:16:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-24281",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        295,
        350
      ],
      "description": "Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.",
      "recommendation": "Upgrade org.apache.zookeeper:zookeeper to version 3.8.6, 3.9.5",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-24281"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/07/4"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-24281"
        },
        {
          "url": "https://github.com/apache/zookeeper"
        },
        {
          "url": "https://github.com/apache/zookeeper/commit/66c4efecdda1302d9cfb3af9eedb122b74452bf3"
        },
        {
          "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-4986"
        },
        {
          "url": "https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
        }
      ],
      "published": "2026-03-07T09:16:07+00:00",
      "updated": "2026-03-10T18:18:17+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.zookeeper/zookeeper@3.8.4",
          "versions": [
            {
              "version": "3.8.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#315a835c-0158-4a80-9caa-f439dbe0b5ed"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6c76e1d9-95f2-4405-b1e0-d6351fb331dd"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#dd284367-9fc5-40e9-a8ab-e4e17929076c"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#53d48963-74c7-4bab-b716-f57cda40f78e"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#9643fb3d-f644-4389-b4e1-e0a8eefc7539"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#189f375a-5a4f-4e4b-9523-59c9820af4ac"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#054a2487-9ca9-485b-b9cd-71b15693dc1a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#27f813c6-cb7e-4ad8-82e0-2d09e5d6503a"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#16c0dbbd-8577-4fe0-a20e-21e460d0c8e8"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#306e2d0e-9774-47bf-beef-7af11fda1351"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0e89c78d-d71e-4cb3-a1b9-1d46b7b25843"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#12af7db6-c418-4c4b-85f2-3292ac3ebd78"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3a079962-4acf-4229-abc1-442446c5a7c8"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0d3458e1-1176-4966-8fdf-a1aa171dda14"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b788f12-e798-41a6-976f-e205d019ac8c"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#33e798fe-b8a5-4057-be9a-ca24fd2ff239"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#552e68a7-f2b3-4b0d-ab3a-ad2d9c516cd1"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-24308",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "cwes": [
        532
      ],
      "description": "Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue.\u00a0Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.",
      "recommendation": "Upgrade org.apache.zookeeper:zookeeper to version 3.9.5, 3.8.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-24308"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/07/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-24308"
        },
        {
          "url": "https://github.com/apache/zookeeper"
        },
        {
          "url": "https://github.com/apache/zookeeper/releases/tag/release-3.8.6"
        },
        {
          "url": "https://github.com/apache/zookeeper/releases/tag/release-3.9.5"
        },
        {
          "url": "https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
        }
      ],
      "published": "2026-03-07T09:16:07+00:00",
      "updated": "2026-03-10T18:18:27+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.zookeeper/zookeeper@3.8.4",
          "versions": [
            {
              "version": "3.8.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#315a835c-0158-4a80-9caa-f439dbe0b5ed"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6c76e1d9-95f2-4405-b1e0-d6351fb331dd"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#dd284367-9fc5-40e9-a8ab-e4e17929076c"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#53d48963-74c7-4bab-b716-f57cda40f78e"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#9643fb3d-f644-4389-b4e1-e0a8eefc7539"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#189f375a-5a4f-4e4b-9523-59c9820af4ac"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#054a2487-9ca9-485b-b9cd-71b15693dc1a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#27f813c6-cb7e-4ad8-82e0-2d09e5d6503a"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#16c0dbbd-8577-4fe0-a20e-21e460d0c8e8"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#306e2d0e-9774-47bf-beef-7af11fda1351"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0e89c78d-d71e-4cb3-a1b9-1d46b7b25843"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#12af7db6-c418-4c4b-85f2-3292ac3ebd78"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3a079962-4acf-4229-abc1-442446c5a7c8"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0d3458e1-1176-4966-8fdf-a1aa171dda14"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b788f12-e798-41a6-976f-e205d019ac8c"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#33e798fe-b8a5-4057-be9a-ca24fd2ff239"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/org.apache.zookeeper/zookeeper@3.8.4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#552e68a7-f2b3-4b0d-ab3a-ad2d9c516cd1"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-24515",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-24515"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-24515"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1131"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8022-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8022-2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8023-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
        }
      ],
      "published": "2026-01-23T08:16:01+00:00",
      "updated": "2026-06-02T14:16:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-24883",
      "ratings": [
        {
          "source": {
            "name": "julia"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-24883"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-24883"
        },
        {
          "url": "https://dev.gnupg.org/T8049"
        },
        {
          "url": "https://github.com/advisories/GHSA-7246-cvp4-g68w"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24883"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
        }
      ],
      "published": "2026-01-27T19:16:16+00:00",
      "updated": "2026-02-06T18:06:07+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.2.20-4.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-25645",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
      },
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        377
      ],
      "description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
      "recommendation": "Upgrade requests to version 2.33.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-25645"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-25645"
        },
        {
          "url": "https://github.com/psf/requests"
        },
        {
          "url": "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"
        },
        {
          "url": "https://github.com/psf/requests/releases/tag/v2.33.0"
        },
        {
          "url": "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
        }
      ],
      "published": "2026-03-25T17:16:52+00:00",
      "updated": "2026-03-30T14:23:16+00:00",
      "affects": [
        {
          "ref": "pkg:pypi/requests@2.32.5",
          "versions": [
            {
              "version": "2.32.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "9.0.3-24.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python-pip@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-27171",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        1284
      ],
      "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-27171"
        },
        {
          "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit"
        },
        {
          "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"
        },
        {
          "url": "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-27171"
        },
        {
          "url": "https://github.com/advisories/GHSA-h858-mf2m-8jf4"
        },
        {
          "url": "https://github.com/madler/zlib/issues/904"
        },
        {
          "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171"
        },
        {
          "url": "https://ostif.org/zlib-audit-complete"
        },
        {
          "url": "https://ostif.org/zlib-audit-complete/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
        }
      ],
      "published": "2026-02-18T04:16:01+00:00",
      "updated": "2026-03-25T21:27:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.2.11-25.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-27456",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        59,
        269,
        367
      ],
      "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-27456"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-27456"
        },
        {
          "url": "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4"
        },
        {
          "url": "https://github.com/util-linux/util-linux/releases/tag/v2.41.4"
        },
        {
          "url": "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
        }
      ],
      "published": "2026-04-03T22:16:25+00:00",
      "updated": "2026-04-22T16:08:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.32.1-48.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.32.1-48.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.32.1-48.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.32.1-48.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.32.1-48.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.32.1-48.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libfdisk@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/util-linux@2.32.1-48.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28387",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        416
      ],
      "description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28387"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28387"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28387"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:20+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28388",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28388"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28388"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:20+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28389",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28389"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28389"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-7x88-9hgc-69gf"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28390",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28390"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:22313"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28390"
        },
        {
          "url": "https://bugzilla.redhat.com/2456314"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28390"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-22313.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:22314"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-28390.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-22315.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-29111",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        269
      ],
      "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-29111"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19213"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-29111"
        },
        {
          "url": "https://bugzilla.redhat.com/2450505"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450505"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29111"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19213.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19068"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"
        },
        {
          "url": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-29111.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-13677.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8119-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8119-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29111"
        }
      ],
      "published": "2026-03-23T22:16:26+00:00",
      "updated": "2026-04-15T16:44:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-31789",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-31789"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-31789"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-j79m-9jxq-788r"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1",
          "versions": [
            {
              "version": "1:1.1.1k-15.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/openssl@1.1.1k-15.el8_6?arch=x86_64&distro=redhat-8.10&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3276",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        407
      ],
      "description": "unicodedata.normalize() can take excessive CPU time when processing\nspecially crafted Unicode input containing long runs of combining characters\nwith alternating Canonical Combining Class values.\nThis affects all normalization forms.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3276"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/06/03/15"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3276"
        },
        {
          "url": "https://github.com/python/cpython/commit/6b505d1f41f8f3ea0fe5a4786d3a8fff1875cfc0"
        },
        {
          "url": "https://github.com/python/cpython/commit/991224b1e8311c85f198f6dd8208bf8cff7fc26f"
        },
        {
          "url": "https://github.com/python/cpython/commit/ba785b88add96acbf403d65cb157fb2743a33a32"
        },
        {
          "url": "https://github.com/python/cpython/commit/c5512bd7c1dc28055660565275012766941d3066"
        },
        {
          "url": "https://github.com/python/cpython/issues/149079"
        },
        {
          "url": "https://github.com/python/cpython/pull/149080"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3276"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3276"
        }
      ],
      "published": "2026-06-03T16:16:29+00:00",
      "updated": "2026-06-04T18:16:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32776",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32776"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32776"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1158"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1159"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
        }
      ],
      "published": "2026-03-16T14:19:44+00:00",
      "updated": "2026-03-17T15:52:09+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32777",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        835
      ],
      "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32777"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32777"
        },
        {
          "url": "https://github.com/libexpat/libexpat/issues/1161"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1159"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1162"
        },
        {
          "url": "https://issues.oss-fuzz.com/issues/486993411"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
        }
      ],
      "published": "2026-03-16T14:19:44+00:00",
      "updated": "2026-03-17T15:52:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32778",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32778"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32778"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1159"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1163"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
        }
      ],
      "published": "2026-03-16T14:19:44+00:00",
      "updated": "2026-03-17T15:52:53+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32792",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125,
        166
      ],
      "description": "NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32792"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32792"
        },
        {
          "url": "https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32792"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32792"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt"
        }
      ],
      "published": "2026-05-20T10:16:26+00:00",
      "updated": "2026-05-20T22:44:09+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33056",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        61
      ],
      "description": "tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33056"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33056"
        },
        {
          "url": "https://github.com/alexcrichton/tar-rs"
        },
        {
          "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"
        },
        {
          "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33056"
        },
        {
          "url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8138-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8139-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8168-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
        }
      ],
      "published": "2026-03-20T08:16:11+00:00",
      "updated": "2026-03-24T16:17:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33845",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        191
      ],
      "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33845"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33845"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-33845.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3"
        }
      ],
      "published": "2026-04-30T18:16:28+00:00",
      "updated": "2026-06-02T16:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-33846",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        130
      ],
      "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33846"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33846"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-33846.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1"
        }
      ],
      "published": "2026-05-04T10:15:59+00:00",
      "updated": "2026-06-02T16:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-34743",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        122
      ],
      "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34743"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/31/13"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34743"
        },
        {
          "url": "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87"
        },
        {
          "url": "https://github.com/tukaani-project/xz/releases/tag/v5.8.3"
        },
        {
          "url": "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743"
        },
        {
          "url": "https://tukaani.org/xz/index-append-overflow.html"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8362-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34743"
        }
      ],
      "published": "2026-04-02T19:21:33+00:00",
      "updated": "2026-04-15T17:33:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "5.2.4-4.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3479",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        22
      ],
      "description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.\n\npkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3479"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3479"
        },
        {
          "url": "https://github.com/python/cpython/commit/5af6ce3e7b643a30a02d22245c1e3f4a8bc0a1fe"
        },
        {
          "url": "https://github.com/python/cpython/commit/bcdf231946b1da8bdfbab4c05539bb0cc964a1c7"
        },
        {
          "url": "https://github.com/python/cpython/commit/cf59bf76470f3d75ad47d80ffb8ce76b64b5e943"
        },
        {
          "url": "https://github.com/python/cpython/commit/d786d59a8f7196bb630100a869f28ad13436b59c"
        },
        {
          "url": "https://github.com/python/cpython/issues/146121"
        },
        {
          "url": "https://github.com/python/cpython/pull/146122"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3479"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
        }
      ],
      "published": "2026-03-18T19:16:06+00:00",
      "updated": "2026-04-07T18:16:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3644",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        20,
        116
      ],
      "description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3644"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3644"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
        },
        {
          "url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd"
        },
        {
          "url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd"
        },
        {
          "url": "https://github.com/python/cpython/issues/145599"
        },
        {
          "url": "https://github.com/python/cpython/pull/145600"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-3644.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
        }
      ],
      "published": "2026-03-16T18:16:09+00:00",
      "updated": "2026-06-04T19:30:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3731",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        119,
        125
      ],
      "description": "A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3731"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3731"
        },
        {
          "url": "https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3731"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8093-1"
        },
        {
          "url": "https://vuldb.com/?ctiid.349709"
        },
        {
          "url": "https://vuldb.com/?id.349709"
        },
        {
          "url": "https://vuldb.com/?submit.767120"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
        },
        {
          "url": "https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz"
        },
        {
          "url": "https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt"
        }
      ],
      "published": "2026-03-08T11:15:50+00:00",
      "updated": "2026-03-12T19:02:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.9.6-16.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3783",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        522
      ],
      "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3783"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/11/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3783"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3783.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3783.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-8whr-249c-vfjp"
        },
        {
          "url": "https://hackerone.com/reports/3583983"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
        }
      ],
      "published": "2026-03-11T11:16:00+00:00",
      "updated": "2026-03-12T14:10:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3784",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        305
      ],
      "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3784"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/11/3"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3784"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3784.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3784.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-5q3w-6p3j-mw6p"
        },
        {
          "url": "https://hackerone.com/reports/3584903"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
        }
      ],
      "published": "2026-03-11T11:16:00+00:00",
      "updated": "2026-06-02T14:16:52+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3805",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3805"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/11/4"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3805"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3805.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3805.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-2289-hhfc-p684"
        },
        {
          "url": "https://hackerone.com/reports/3591944"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3805"
        }
      ],
      "published": "2026-03-11T11:16:00+00:00",
      "updated": "2026-03-12T14:08:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3832",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        179
      ],
      "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3832"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3832"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3832"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-12"
        }
      ],
      "published": "2026-04-30T18:16:30+00:00",
      "updated": "2026-06-02T17:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3833",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        178
      ],
      "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3833"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3833"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1803"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-3833.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3833"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5"
        }
      ],
      "published": "2026-04-30T18:16:30+00:00",
      "updated": "2026-06-02T16:16:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-40355",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
      "recommendation": "Upgrade krb5-libs to version 1.18.2-34.el8_10; Upgrade krb5-workstation to version 1.18.2-34.el8_10; Upgrade libkadm5 to version 1.18.2-34.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-40355"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19357"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-40355"
        },
        {
          "url": "https://bugzilla.redhat.com/2463368"
        },
        {
          "url": "https://bugzilla.redhat.com/2463370"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370"
        },
        {
          "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19357.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19145"
        },
        {
          "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-40355.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-16799.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355"
        },
        {
          "url": "https://web.mit.edu/kerberos/advisories/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
        }
      ],
      "published": "2026-04-28T06:16:03+00:00",
      "updated": "2026-04-28T20:11:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.18.2-33.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.18.2-33.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.18.2-33.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-40356",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        191
      ],
      "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
      "recommendation": "Upgrade krb5-libs to version 1.18.2-34.el8_10; Upgrade krb5-workstation to version 1.18.2-34.el8_10; Upgrade libkadm5 to version 1.18.2-34.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-40356"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19357"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-40356"
        },
        {
          "url": "https://bugzilla.redhat.com/2463368"
        },
        {
          "url": "https://bugzilla.redhat.com/2463370"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370"
        },
        {
          "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19357.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19145"
        },
        {
          "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-40356.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-16799.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356"
        },
        {
          "url": "https://web.mit.edu/kerberos/advisories/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
        }
      ],
      "published": "2026-04-28T07:16:03+00:00",
      "updated": "2026-04-28T20:11:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.18.2-33.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.18.2-33.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.18.2-33.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/krb5-workstation@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libkadm5@1.18.2-33.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-4046",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        617
      ],
      "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
      "recommendation": "Upgrade glibc to version 2.28-251.el8_10.37; Upgrade glibc-common to version 2.28-251.el8_10.37; Upgrade glibc-minimal-langpack to version 2.28-251.el8_10.37",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4046"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20587"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4046"
        },
        {
          "url": "https://bugzilla.redhat.com/2453117"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453117"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4046"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20587.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20594"
        },
        {
          "url": "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-4046.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-50291.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
        },
        {
          "url": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4046"
        }
      ],
      "published": "2026-03-30T18:16:19+00:00",
      "updated": "2026-04-20T22:16:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4105",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        284
      ],
      "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4105"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7299"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4105"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447262"
        },
        {
          "url": "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4105"
        }
      ],
      "published": "2026-03-13T19:55:13+00:00",
      "updated": "2026-04-30T17:16:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "239-82.el8_10.16",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd-pam@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/systemd@239-82.el8_10.16?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41080",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        331
      ],
      "description": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41080"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/26/1"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41080"
        },
        {
          "url": "https://blog.hartwork.org/posts/expat-2-8-0-released/"
        },
        {
          "url": "https://github.com/libexpat/libexpat/issues/47"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1183"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41080"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41080"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/26/1"
        }
      ],
      "published": "2026-04-16T17:16:54+00:00",
      "updated": "2026-04-27T07:16:03+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41989",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41989"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41989"
        },
        {
          "url": "https://dev.gnupg.org/T8211"
        },
        {
          "url": "https://github.com/advisories/GHSA-wrv8-79m2-qg24"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41989"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8319-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41989"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"
        }
      ],
      "published": "2026-04-23T05:16:05+00:00",
      "updated": "2026-04-27T18:33:18+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.8.5-7.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-41990",
      "ratings": [
        {
          "source": {
            "name": "julia"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41990"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41990"
        },
        {
          "url": "https://dev.gnupg.org/T8208"
        },
        {
          "url": "https://github.com/advisories/GHSA-78pv-qq8x-94px"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41990"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8319-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41990"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"
        }
      ],
      "published": "2026-04-23T05:16:05+00:00",
      "updated": "2026-04-27T18:33:27+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.8.5-7.el8_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42009",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        475
      ],
      "description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42009"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42009"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42009.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
        }
      ],
      "published": "2026-05-18T13:16:32+00:00",
      "updated": "2026-06-08T17:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42010",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        626
      ],
      "description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42010"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42010"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42010.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
        }
      ],
      "published": "2026-05-07T12:16:17+00:00",
      "updated": "2026-06-02T16:16:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42011",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        295
      ],
      "description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42011"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42011"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42011.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42011"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6"
        }
      ],
      "published": "2026-05-07T15:16:09+00:00",
      "updated": "2026-06-02T16:16:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42012",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        295
      ],
      "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42012"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42012"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42012.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42012"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42012"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7"
        }
      ],
      "published": "2026-05-26T22:16:41+00:00",
      "updated": "2026-06-02T16:16:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42013",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1284
      ],
      "description": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42013"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42013"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42013.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42013"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42013"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8"
        }
      ],
      "published": "2026-05-26T22:16:42+00:00",
      "updated": "2026-06-02T16:16:40+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42014",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "No description is available for this CVE.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42014"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42014"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42014.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42014"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42014"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42015",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        193
      ],
      "description": "A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42015"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42015"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42015.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42015"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42015"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11"
        }
      ],
      "published": "2026-05-26T22:16:42+00:00",
      "updated": "2026-06-02T16:16:40+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4224",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        674
      ],
      "description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4224"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/16/4"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19177"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4224"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19064"
        },
        {
          "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
        },
        {
          "url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"
        },
        {
          "url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"
        },
        {
          "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
        },
        {
          "url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
        },
        {
          "url": "https://github.com/python/cpython/issues/145986"
        },
        {
          "url": "https://github.com/python/cpython/pull/145987"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-4224.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
        }
      ],
      "published": "2026-03-16T18:16:10+00:00",
      "updated": "2026-06-04T19:33:19+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42250",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "bzip2 contains an off\u2011by\u2011one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out\u2011of\u2011bounds write to a global buffer, resulting in memory corruption and a crash (denial of service).\n\nThis issue was fixed in bzip2 patch\u00a035d122a3df8b0cc4082a4d89fdc6ee99f375fe67",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42250"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42250"
        },
        {
          "url": "https://cert.pl/en/posts/2026/05/CVE-2026-42250/"
        },
        {
          "url": "https://inbox.sourceware.org/bzip2-devel/20260528145407.293768-1-mark@klomp.org/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42250"
        },
        {
          "url": "https://sourceware.org/bzip2/"
        },
        {
          "url": "https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42250"
        }
      ],
      "published": "2026-05-28T14:16:19+00:00",
      "updated": "2026-06-05T08:16:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.0.6-28.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ]
    },
    {
      "id": "CVE-2026-42308",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42308"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42308"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2026-165.yaml"
        },
        {
          "url": "https://github.com/python-pillow/Pillow"
        },
        {
          "url": "https://github.com/python-pillow/Pillow/pull/9518/changes"
        },
        {
          "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
        },
        {
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42308"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8399-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
        }
      ],
      "published": "2026-05-09T06:16:09+00:00",
      "updated": "2026-05-12T17:57:20+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42923",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        407
      ],
      "description": "NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the attack. An adversary that controls a DNSSEC signed zone can exploit this by signing NSEC3 records with acceptably high iterations for child delegations and querying a vulnerable Unbound. Unbound will keep performing the allowed hash calculations on the NSEC3 records and will not limit the work by the mitigation introduced in 1.19.1. As a side effect, a global lock for the negative cache will be held for the duration of the hashing, blocking other threads that need to consult the negative cache. Coordinated attacks could raise the vulnerability to denial of service. Unbound 1.25.1 contains a patch with a fix to bound the vulnerable code path with the existing limit for NSEC3 hash calculations.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42923"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42923"
        },
        {
          "url": "https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42923"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42923"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42923.txt"
        }
      ],
      "published": "2026-05-20T10:16:27+00:00",
      "updated": "2026-05-20T22:50:35+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42944",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        197,
        787
      ],
      "description": "NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.",
      "recommendation": "Upgrade python3-unbound to version 1.16.2-5.11.el8_10; Upgrade unbound-libs to version 1.16.2-5.11.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42944"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:24365"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42944"
        },
        {
          "url": "https://bugzilla.redhat.com/2479774"
        },
        {
          "url": "https://bugzilla.redhat.com/2479806"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-24365.html"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42944.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-24365.html"
        },
        {
          "url": "https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42944"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42944"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42944.txt"
        }
      ],
      "published": "2026-05-20T10:16:27+00:00",
      "updated": "2026-05-20T22:50:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42959",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        824
      ],
      "description": "NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication could increase the ANSWER section count and authority filtering could decrease the AUTHORITY section count and create an uninitialized array slot. Combining these two, the validator later dereferences this uninitialized pointer, causing an immediate process crash. An adversary controlling a DNSSEC-signed domain can trigger this bug with a single query by configuring a DNAME chain with unsigned CNAMEs and a response containing unsigned AUTHORITY records alongside signed ADDITIONAL glue records. Unbound 1.25.1 contains a patch with a fix to use the proper counters to calculate the write offsets.",
      "recommendation": "Upgrade python3-unbound to version 1.16.2-5.11.el8_10; Upgrade unbound-libs to version 1.16.2-5.11.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42959"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:24365"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42959"
        },
        {
          "url": "https://bugzilla.redhat.com/2479774"
        },
        {
          "url": "https://bugzilla.redhat.com/2479806"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-24365.html"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-42959.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-24365.html"
        },
        {
          "url": "https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42959"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42959"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42959.txt"
        }
      ],
      "published": "2026-05-20T10:16:27+00:00",
      "updated": "2026-05-20T22:51:00+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42960",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 10,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        349
      ],
      "description": "NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack) he would be able to poison Unbound's cache. A malicious actor can exploit the possible poisonous effect by injecting RRSets other than NS that are also accompanied by address records in a reply, for example MX. This could be achieved by trying to spoof a reply packet or fragmentation attacks. Unbound would then accept the relative address records in the additional section and cache them if the authority RRSet has enough trust at this point, i.e., in-zone data for the delegation point. Unbound 1.25.1 contains a patch with a fix that disregards address records from the additional section if they are not explicitly relevant only to authority NS records, mitigating the possible poison effect. This is a complement fix to CVE-2025-11411.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42960"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42960"
        },
        {
          "url": "https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42960"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42960"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42960.txt"
        }
      ],
      "published": "2026-05-20T10:16:28+00:00",
      "updated": "2026-05-20T22:51:43+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4426",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1335
      ],
      "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4426"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4426"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449010"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2897"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4426"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8292-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4426"
        }
      ],
      "published": "2026-03-19T15:16:28+00:00",
      "updated": "2026-05-03T21:16:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4437",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4437"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19061"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4437"
        },
        {
          "url": "https://bugzilla.redhat.com/2449777"
        },
        {
          "url": "https://bugzilla.redhat.com/2449783"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4437"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4438"
        },
        {
          "url": "https://errata.almalinux.org/10/ALSA-2026-19061.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19061"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/03/23/2"
        }
      ],
      "published": "2026-03-20T20:16:49+00:00",
      "updated": "2026-04-07T18:41:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4438",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        20,
        88
      ],
      "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4438"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19061"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4438"
        },
        {
          "url": "https://bugzilla.redhat.com/2449777"
        },
        {
          "url": "https://bugzilla.redhat.com/2449783"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4437"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4438"
        },
        {
          "url": "https://errata.almalinux.org/10/ALSA-2026-19061.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19061"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/03/23/2"
        }
      ],
      "published": "2026-03-20T20:16:49+00:00",
      "updated": "2026-04-07T18:40:02+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-44431",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
      },
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        200
      ],
      "description": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
      "recommendation": "Upgrade urllib3 to version 2.7.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44431"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-44431"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8379-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
        }
      ],
      "published": "2026-05-13T16:16:57+00:00",
      "updated": "2026-05-14T13:56:27+00:00",
      "affects": [
        {
          "ref": "pkg:pypi/urllib3@2.6.3",
          "versions": [
            {
              "version": "2.6.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:pypi/urllib3@2.6.3"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-44432",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        409
      ],
      "description": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.",
      "recommendation": "Upgrade urllib3 to version 2.7.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44432"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2026-142.yaml"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8379-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        }
      ],
      "published": "2026-05-13T16:16:57+00:00",
      "updated": "2026-05-14T13:49:25+00:00",
      "affects": [
        {
          "ref": "pkg:pypi/urllib3@2.6.3",
          "versions": [
            {
              "version": "2.6.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:pypi/urllib3@2.6.3"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:pypi/urllib3@2.6.3"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-44604",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        78
      ],
      "description": "A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44604"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-44604"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460967"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44604"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44604"
        }
      ],
      "published": "2026-05-28T08:16:35+00:00",
      "updated": "2026-05-28T13:44:54+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.14.3-32.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.14.3-32.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.14.3-32.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.14.3-32.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/rpm-build-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-44608",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        413
      ],
      "description": "NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual crash. An adversary can exploit the vulnerability if conditions are first met on a vulnerable Unbound, i.e., multi-threaded, an RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers and an ongoing XFR for that RPZ zone. Local RPZ files do not trigger the vulnerability. If the timing is right and an XFR happens at the same time another thread needs to read that RPZ zone, the reader may not hold the lock long enough and the thread applying the XFR may free objects that the reader is about to walk causing the use-after-free. Unbound 1.25.1 contains a patch with a fix to the locking code.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44608"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-44608"
        },
        {
          "url": "https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44608"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8282-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44608"
        },
        {
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-44608.txt"
        }
      ],
      "published": "2026-05-20T10:16:28+00:00",
      "updated": "2026-05-20T22:52:48+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "1.16.2-5.9.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-unbound@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/unbound-libs@1.16.2-5.9.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-45186",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        407
      ],
      "description": "In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.",
      "recommendation": "Upgrade expat to version 2.5.0-2.el8_10",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45186"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/05/11/16"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:22721"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-45186"
        },
        {
          "url": "https://bugzilla.redhat.com/2468575"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468575"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45186"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-22721.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:22715"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1216"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-45186.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-22721.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45186"
        }
      ],
      "published": "2026-05-10T07:16:07+00:00",
      "updated": "2026-05-14T17:20:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-45409",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
      },
      "ratings": [],
      "cwes": [
        1333
      ],
      "description": "Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `\"\\u0660\" * N` or `\"\\u30fb\" * N + \"\\u6f22\"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process. This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. A specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service. Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support). A workaround is available. Domain names cannot exceed 253 characters in length. If this length limit is enforced prior to passing the domain to the `idna.encode()` function, it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.",
      "recommendation": "Upgrade idna to version 3.15",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45409"
        },
        {
          "url": "https://github.com/kjd/idna"
        },
        {
          "url": "https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45409"
        }
      ],
      "published": "2026-06-05T23:16:43+00:00",
      "updated": "2026-06-08T15:02:26+00:00",
      "affects": [
        {
          "ref": "pkg:pypi/idna@3.13",
          "versions": [
            {
              "version": "3.13",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:pypi/idna@3.13"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:pypi/idna@3.13"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4873",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        295,
        319
      ],
      "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmit data\nunencrypted.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4873"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/29/7"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4873"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-4873.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-4873.json"
        },
        {
          "url": "https://hackerone.com/reports/3621851"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4873"
        }
      ],
      "published": "2026-05-13T13:01:55+00:00",
      "updated": "2026-05-14T13:45:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-48864",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-48864"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:21333"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-48864"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460425"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48864"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48864"
        }
      ],
      "published": "2026-05-26T17:16:54+00:00",
      "updated": "2026-05-28T19:22:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.7.20-6.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-50219",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "cwes": [
        416
      ],
      "description": "libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-50219"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-50219"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1246"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50219"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50219"
        }
      ],
      "published": "2026-06-04T06:16:25+00:00",
      "updated": "2026-06-04T18:39:29+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.5.0-1.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5260",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1284
      ],
      "description": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
      "recommendation": "Upgrade gnutls to version 3.6.16-8.el8_10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5260"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20611"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5260"
        },
        {
          "url": "https://bugzilla.redhat.com/2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-20611.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-5260.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-20611.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5260"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
        }
      ],
      "published": "2026-05-26T22:16:44+00:00",
      "updated": "2026-06-02T16:16:45+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-5419",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        208
      ],
      "description": "A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5419"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20612"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:20613"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5419"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33845"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33846"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3832"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3833"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42009"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42010"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42011"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42012"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42014"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42015"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5260"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5419"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:20613"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5419"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8284-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5419"
        },
        {
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13"
        }
      ],
      "published": "2026-06-01T21:16:47+00:00",
      "updated": "2026-06-02T17:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.16-8.el8_10.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5435",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5435"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5435"
        },
        {
          "url": "https://inbox.sourceware.org/libc-alpha/cover.1777546194.git.fweimer@redhat.com/"
        },
        {
          "url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0011"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5435"
        }
      ],
      "published": "2026-04-28T13:19:22+00:00",
      "updated": "2026-05-05T17:38:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5450",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H"
        }
      ],
      "cwes": [
        122,
        787
      ],
      "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5450"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5450"
        },
        {
          "url": "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5450"
        }
      ],
      "published": "2026-04-20T21:16:36+00:00",
      "updated": "2026-04-23T15:33:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5545",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        613
      ],
      "description": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1's and user2's credentials when it is in fact\nstill using the connection authenticated for user1...",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5545"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5545"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-5545.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-5545.json"
        },
        {
          "url": "https://hackerone.com/reports/3642555"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5545"
        }
      ],
      "published": "2026-05-13T13:01:56+00:00",
      "updated": "2026-05-13T19:31:07+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5704",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        434
      ],
      "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5704"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/11/10"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/11/11"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/12/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5704"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455360"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5704"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5704"
        }
      ],
      "published": "2026-04-06T16:16:42+00:00",
      "updated": "2026-04-22T20:08:59+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2",
          "versions": [
            {
              "version": "2:1.30-11.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=redhat-8.10&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5713",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        121,
        125
      ],
      "description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5713"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/15/6"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:19176"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5713"
        },
        {
          "url": "https://bugzilla.redhat.com/2431367"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/2458239"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458239"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5713"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-19176.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:19019"
        },
        {
          "url": "https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67"
        },
        {
          "url": "https://github.com/python/cpython/issues/148178"
        },
        {
          "url": "https://github.com/python/cpython/pull/148187"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5713"
        }
      ],
      "published": "2026-04-14T16:16:48+00:00",
      "updated": "2026-04-17T15:11:35+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5745",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5745"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5745"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455921"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5745"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5745"
        }
      ],
      "published": "2026-04-07T16:16:32+00:00",
      "updated": "2026-05-03T15:15:58+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.3.3-7.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5773",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        918
      ],
      "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different 'share' than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5773"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/29/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5773"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-5773.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-5773.json"
        },
        {
          "url": "https://hackerone.com/reports/3650689"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5773"
        }
      ],
      "published": "2026-05-13T13:01:56+00:00",
      "updated": "2026-05-13T19:13:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5928",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"
        }
      ],
      "cwes": [
        127
      ],
      "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5928"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5928"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5928"
        }
      ],
      "published": "2026-04-20T21:16:36+00:00",
      "updated": "2026-04-23T15:33:43+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.28-251.el8_10.34",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5958",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        367
      ],
      "description": "When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: \n1. resolves symlink to its target and stores\u00a0the resolved path for determining when output is written,\n2. opens the original symlink path\u00a0(not the resolved one) to read the file. \nBetween these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1.\u00a0This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process.\n\n\nThis issue was fixed in version 4.10.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5958"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/05/13/1"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5958"
        },
        {
          "url": "https://cert.pl/en/posts/2026/04/CVE-2026-5958"
        },
        {
          "url": "https://github.com/advisories/GHSA-9r7w-j29g-xqx8"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5958"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8229-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8229-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5958"
        },
        {
          "url": "https://www.gnu.org/software/sed"
        },
        {
          "url": "https://www.gnu.org/software/sed/"
        }
      ],
      "published": "2026-04-20T12:16:08+00:00",
      "updated": "2026-05-19T15:17:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "4.5-5.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6019",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        150,
        116
      ],
      "description": "http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6019"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6019"
        },
        {
          "url": "https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c"
        },
        {
          "url": "https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104"
        },
        {
          "url": "https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8"
        },
        {
          "url": "https://github.com/python/cpython/issues/90309"
        },
        {
          "url": "https://github.com/python/cpython/pull/148848"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6019"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6019"
        }
      ],
      "published": "2026-04-22T20:16:42+00:00",
      "updated": "2026-05-28T19:15:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6253",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        522
      ],
      "description": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6253"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/29/11"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6253"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6253.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6253.json"
        },
        {
          "url": "https://hackerone.com/reports/3669637"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6253"
        }
      ],
      "published": "2026-05-13T13:01:56+00:00",
      "updated": "2026-05-14T13:40:53+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6276",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        319
      ],
      "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6276"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/29/13"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6276"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6276.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6276.json"
        },
        {
          "url": "https://hackerone.com/reports/3671818"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6276"
        }
      ],
      "published": "2026-05-13T13:01:56+00:00",
      "updated": "2026-05-14T14:21:06+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6429",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6429"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6429"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6429.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6429.json"
        },
        {
          "url": "https://hackerone.com/reports/3677759"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6429"
        }
      ],
      "published": "2026-05-13T13:01:56+00:00",
      "updated": "2026-05-14T14:18:02+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6732",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        843
      ],
      "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6732"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:11503"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6732"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461300"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6732"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6732"
        }
      ],
      "published": "2026-04-23T23:16:16+00:00",
      "updated": "2026-05-15T14:36:35+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "2.9.7-21.el8_10.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.4?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-7168",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        294
      ],
      "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-7168"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/29/14"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-7168"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-7168.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-7168.json"
        },
        {
          "url": "https://hackerone.com/reports/3697719"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7168"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7168"
        }
      ],
      "published": "2026-05-13T13:01:57+00:00",
      "updated": "2026-05-14T14:12:48+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "7.61.1-34.el8_10.11",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-7210",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        331
      ],
      "description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-7210"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/05/11/13"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/05/11/8"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-7210"
        },
        {
          "url": "https://github.com/python/cpython/issues/149018"
        },
        {
          "url": "https://github.com/python/cpython/pull/149023"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7210"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7210"
        }
      ],
      "published": "2026-05-11T18:16:42+00:00",
      "updated": "2026-06-01T14:32:20+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "3.6.8-76.el8_10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/platform-python@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-9149",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        122
      ],
      "description": "A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-9149"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-9149"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460380"
        },
        {
          "url": "https://github.com/openSUSE/libsolv/pull/617"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9149"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9149"
        }
      ],
      "published": "2026-05-21T00:16:35+00:00",
      "updated": "2026-06-02T01:21:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10",
          "versions": [
            {
              "version": "0.7.20-6.el8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=redhat-8.10"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "GHSA-72hv-8253-57qq",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [],
      "description": "### Summary\nThe non-blocking (async) JSON parser in `jackson-core` bypasses the `maxNumberLength` constraint (default: 1000 characters) defined in `StreamReadConstraints`. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and potential CPU exhaustion, resulting in a Denial of Service (DoS).\n\nThe standard synchronous parser correctly enforces this limit, but the async parser fails to do so, creating an inconsistent enforcement policy.\n\n### Details\nThe root cause is that the async parsing path in `NonBlockingUtf8JsonParserBase` (and related classes) does not call the methods responsible for number length validation.\n\n- The number parsing methods (e.g., `_finishNumberIntegralPart`) accumulate digits into the `TextBuffer` without any length checks.\n- After parsing, they call `_valueComplete()`, which finalizes the token but does **not** call `resetInt()` or `resetFloat()`.\n- The `resetInt()`/`resetFloat()` methods in `ParserBase` are where the `validateIntegerLength()` and `validateFPLength()` checks are performed.\n- Because this validation step is skipped, the `maxNumberLength` constraint is never enforced in the async code path.\n\n### PoC\nThe following JUnit 5 test demonstrates the vulnerability. It shows that the async parser accepts a 5,000-digit number, whereas the limit should be 1,000.\n\n```java\npackage tools.jackson.core.unittest.dos;\n\nimport java.nio.charset.StandardCharsets;\n\nimport org.junit.jupiter.api.Test;\n\nimport tools.jackson.core.*;\nimport tools.jackson.core.exc.StreamConstraintsException;\nimport tools.jackson.core.json.JsonFactory;\nimport tools.jackson.core.json.async.NonBlockingByteArrayJsonParser;\n\nimport static org.junit.jupiter.api.Assertions.*;\n\n/**\n * POC: Number Length Constraint Bypass in Non-Blocking (Async) JSON Parsers\n *\n * Authors: sprabhav7, rohan-repos\n * \n * maxNumberLength default = 1000 characters (digits).\n * A number with more than 1000 digits should be rejected by any parser.\n *\n * BUG: The async parser never calls resetInt()/resetFloat() which is where\n * validateIntegerLength()/validateFPLength() lives. Instead it calls\n * _valueComplete() which skips all number length validation.\n *\n * CWE-770: Allocation of Resources Without Limits or Throttling\n */\nclass AsyncParserNumberLengthBypassTest {\n\n    private static final int MAX_NUMBER_LENGTH = 1000;\n    private static final int TEST_NUMBER_LENGTH = 5000;\n\n    private final JsonFactory factory = new JsonFactory();\n\n    // CONTROL: Sync parser correctly rejects a number exceeding maxNumberLength\n    @Test\n    void syncParserRejectsLongNumber() throws Exception {\n        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);\n\t\t\n\t\t// Output to console\n        System.out.println(\"[SYNC] Parsing \" + TEST_NUMBER_LENGTH + \"-digit number (limit: \" + MAX_NUMBER_LENGTH + \")\");\n        try {\n            try (JsonParser p = factory.createParser(ObjectReadContext.empty(), payload)) {\n                while (p.nextToken() != null) {\n                    if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {\n                        System.out.println(\"[SYNC] Accepted number with \" + p.getText().length() + \" digits \u2014 UNEXPECTED\");\n                    }\n                }\n            }\n            fail(\"Sync parser must reject a \" + TEST_NUMBER_LENGTH + \"-digit number\");\n        } catch (StreamConstraintsException e) {\n            System.out.println(\"[SYNC] Rejected with StreamConstraintsException: \" + e.getMessage());\n        }\n    }\n\n    // VULNERABILITY: Async parser accepts the SAME number that sync rejects\n    @Test\n    void asyncParserAcceptsLongNumber() throws Exception {\n        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);\n\n        NonBlockingByteArrayJsonParser p =\n            (NonBlockingByteArrayJsonParser) factory.createNonBlockingByteArrayParser(ObjectReadContext.empty());\n        p.feedInput(payload, 0, payload.length);\n        p.endOfInput();\n\n        boolean foundNumber = false;\n        try {\n            while (p.nextToken() != null) {\n                if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {\n                    foundNumber = true;\n                    String numberText = p.getText();\n                    assertEquals(TEST_NUMBER_LENGTH, numberText.length(),\n                        \"Async parser silently accepted all \" + TEST_NUMBER_LENGTH + \" digits\");\n                }\n            }\n            // Output to console\n            System.out.println(\"[ASYNC INT] Accepted number with \" + TEST_NUMBER_LENGTH + \" digits \u2014 BUG CONFIRMED\");\n            assertTrue(foundNumber, \"Parser should have produced a VALUE_NUMBER_INT token\");\n        } catch (StreamConstraintsException e) {\n            fail(\"Bug is fixed \u2014 async parser now correctly rejects long numbers: \" + e.getMessage());\n        }\n        p.close();\n    }\n\n    private byte[] buildPayloadWithLongInteger(int numDigits) {\n        StringBuilder sb = new StringBuilder(numDigits + 10);\n        sb.append(\"{\\\"v\\\":\");\n        for (int i = 0; i < numDigits; i++) {\n            sb.append((char) ('1' + (i % 9)));\n        }\n        sb.append('}');\n        return sb.toString().getBytes(StandardCharsets.UTF_8);\n    }\n}\n\n```\n\n\n### Impact\nA malicious actor can send a JSON document with an arbitrarily long number to an application using the async parser (e.g., in a Spring WebFlux or other reactive application). This can cause:\n1.  **Memory Exhaustion:** Unbounded allocation of memory in the `TextBuffer` to store the number's digits, leading to an `OutOfMemoryError`.\n2.  **CPU Exhaustion:** If the application subsequently calls `getBigIntegerValue()` or `getDecimalValue()`, the JVM can be tied up in O(n^2) `BigInteger` parsing operations, leading to a CPU-based DoS.\n\n### Suggested Remediation\n\nThe async parsing path should be updated to respect the `maxNumberLength` constraint. The simplest fix appears to ensure that `_valueComplete()` or a similar method in the async path calls the appropriate validation methods (`resetInt()` or `resetFloat()`) already present in `ParserBase`, mirroring the behavior of the synchronous parsers.\n\n**NOTE:** This research was performed in collaboration with [rohan-repos](https://github.com/rohan-repos)",
      "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-core to version 2.21.1, 2.18.6",
      "advisories": [
        {
          "url": "https://github.com/advisories/GHSA-72hv-8253-57qq"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core/pull/1555"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-72hv-8253-57qq"
        }
      ],
      "published": "2026-02-28T02:01:05+00:00",
      "updated": "2026-04-07T16:30:17+00:00",
      "affects": [
        {
          "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0",
          "versions": [
            {
              "version": "2.16.0",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#16639bcb-4ece-42f4-9fa2-5bb94e0e5507"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#210d5861-3246-47cd-9aa4-782aede770ab"
        },
        {
          "ref": "urn:cdx:da989cc3-20db-4ed6-ac93-b31bd87c7ff3/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7f6f6a54-e43c-4961-857d-543381653668"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#5a8b53d7-a395-4dbe-957f-cab1c8674953"
        },
        {
          "ref": "urn:cdx:6ccc51ad-c268-4ad9-bf5a-2f2fec44b91c/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3d0bf201-5c16-4cf5-b11b-2f93e038e5e2"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#a43d2c5e-dc19-43f1-9725-5d426d7fe374"
        },
        {
          "ref": "urn:cdx:3379af7c-56f4-4d2e-97b8-0ff40c0dd8fb/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:483c326c-ed2b-43a3-b20e-b6a5f256b1b4/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#0a3b372c-0d9f-43ff-9a84-1328b895a5e9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2acf046f-8ade-44c0-a615-0cc85679cc65"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#104aa961-a54f-45b3-887f-5312ccfb75e6"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0a18d438-57e3-4ff6-b517-658772aa7153"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0ddb040c-d3bc-46a7-8241-5ed5d7eefbfb"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#26504a08-abf9-4375-9134-8a8d6ccffdf9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#dc48f22e-ae65-4586-a77c-57572f0b7903"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#107d8461-2881-4785-9743-717599606efd"
        },
        {
          "ref": "urn:cdx:c1766b22-2b49-4554-aaaa-631269266d7d/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#2388425f-135f-4e18-bb5c-7d5edb0e778b"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#01c33c0d-1ec7-44a3-ac0e-8b3ccd4f3469"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#09224466-b344-450e-bd35-464eecfd8353"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#22abe139-1b19-406a-a729-3fa38b81bbb9"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a1374be-c271-4794-9890-fb936434d59f"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0083ff31-0fef-4dd3-a928-bba95d695508"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.16.0"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0e949467-3175-4846-97c6-76793f09e226"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "This issue is not exploitable in the context of Confluent Platform. The async parser is not used in Confluent Platform components. "
      }
    },
    {
      "id": "CVE-2024-6763",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 3.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1286
      ],
      "description": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI.  However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC.  Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.",
      "recommendation": "Upgrade org.eclipse.jetty:jetty-http to version 12.0.12",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-6763"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-6763"
        },
        {
          "url": "https://github.com/jetty/jetty.project"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/12012"
        },
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250306-0005"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250306-0005/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
        }
      ],
      "published": "2024-10-14T16:15:04+00:00",
      "updated": "2025-07-10T15:04:04+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.59",
          "versions": [
            {
              "version": "9.4.59",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.59",
          "versions": [
            {
              "version": "9.4.59",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.60",
          "versions": [
            {
              "version": "9.4.60",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#804d0a74-4abc-449f-8e42-d9fce0200791"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#804d0a74-4abc-449f-8e42-d9fce0200791"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:79822606-80bb-4b4a-b189-2083c09a8497/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#4505d5fd-5091-40f5-bc0b-c5c0a5f7ba39"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#4505d5fd-5091-40f5-bc0b-c5c0a5f7ba39"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#1519b4fb-f2a4-460b-a028-791a57b6c480"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#1519b4fb-f2a4-460b-a028-791a57b6c480"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#54c8c814-a8ea-4c59-b364-2f5d10dd70a7"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#54c8c814-a8ea-4c59-b364-2f5d10dd70a7"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0f1c42ce-7899-40b2-9159-0036b87a2c8d"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0f1c42ce-7899-40b2-9159-0036b87a2c8d"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#259c4ca6-2ec2-4b75-bb6a-cc285acbfbe8"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#259c4ca6-2ec2-4b75-bb6a-cc285acbfbe8"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#1254ddac-7013-4225-914f-532d47abcca5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#1254ddac-7013-4225-914f-532d47abcca5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#aff99d82-3727-441a-9935-73d56a75281a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#aff99d82-3727-441a-9935-73d56a75281a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#15992307-0d00-49fe-bc19-7b518d7cb3c7"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#15992307-0d00-49fe-bc19-7b518d7cb3c7"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0075a360-43ce-4bde-b963-c0aeea9ee473"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0075a360-43ce-4bde-b963-c0aeea9ee473"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#01b85791-353a-430d-ba9b-8ca366b6439f"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#01b85791-353a-430d-ba9b-8ca366b6439f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#01c39187-7edb-49d2-8109-907428cea87d"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#01c39187-7edb-49d2-8109-907428cea87d"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#174e81fd-d5a8-4210-837b-64ec7e5df54d"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#174e81fd-d5a8-4210-837b-64ec7e5df54d"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#172ac75b-fb5e-4d1e-9197-31a5a6bec05d"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#172ac75b-fb5e-4d1e-9197-31a5a6bec05d"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.60"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#29bb3dcf-2e86-42ba-aab4-e67a6a81b06e"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#29bb3dcf-2e86-42ba-aab4-e67a6a81b06e"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "This vulnerability is not exploitable in the context of Confluent Platform as URIs are not used to pass sensitive information. "
      }
    },
    {
      "id": "CVE-2025-67030",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
        }
      ],
      "cwes": [
        22
      ],
      "description": "Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code",
      "recommendation": "Upgrade org.codehaus.plexus:plexus-utils to version 4.0.3, 3.6.1",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-67030"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-67030"
        },
        {
          "url": "https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/issues/294"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/pull/295"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/pull/296"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/releases/tag/plexus-utils-4.0.3"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67030"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
        }
      ],
      "published": "2026-03-25T18:16:25+00:00",
      "updated": "2026-05-01T17:12:22+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1",
          "versions": [
            {
              "version": "3.3.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1",
          "versions": [
            {
              "version": "3.3.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#14d3460c-3187-4754-8896-39d6c34a167b"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#14d3460c-3187-4754-8896-39d6c34a167b"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#574eb941-8486-4d48-83bf-aed1dbc9627c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#574eb941-8486-4d48-83bf-aed1dbc9627c"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#c85f20ea-0833-4c76-aa1f-98f3369ec850"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#c85f20ea-0833-4c76-aa1f-98f3369ec850"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#0b67c4cb-ef7a-48cc-80fe-e8294fb3eb70"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#0b67c4cb-ef7a-48cc-80fe-e8294fb3eb70"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#db5f42c7-bb68-4186-9213-6cb9c8ac8c8d"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#db5f42c7-bb68-4186-9213-6cb9c8ac8c8d"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#11d97aa2-b06a-47a0-8fe6-7530c414a016"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#11d97aa2-b06a-47a0-8fe6-7530c414a016"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0391d91d-ba83-42c4-b537-9a9bb6bd8287"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0391d91d-ba83-42c4-b537-9a9bb6bd8287"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#e2300910-9a6c-4107-a2e6-57aac6afd0e4"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#e2300910-9a6c-4107-a2e6-57aac6afd0e4"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#13f8f63b-b256-4737-98cb-80efd0880a25"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#13f8f63b-b256-4737-98cb-80efd0880a25"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#29bdb618-c433-4f39-97bf-acd6e5eae301"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#29bdb618-c433-4f39-97bf-acd6e5eae301"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.3.1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#00c4f52d-e573-43ef-a179-b49c8b1146a3"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#00c4f52d-e573-43ef-a179-b49c8b1146a3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#5c9d1d02-ada8-42b4-9ea6-aaf7c239f5e6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#5c9d1d02-ada8-42b4-9ea6-aaf7c239f5e6"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#10111072-d322-4fd1-9e83-5c21336749b7"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#10111072-d322-4fd1-9e83-5c21336749b7"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#40888869-5657-4c5b-bf56-71ddf5148186"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#40888869-5657-4c5b-bf56-71ddf5148186"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0705d660-5845-42b5-8ce2-3fd142d0497a"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0705d660-5845-42b5-8ce2-3fd142d0497a"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#37f35176-ac78-4505-818d-5ac8aa5849ff"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#37f35176-ac78-4505-818d-5ac8aa5849ff"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-2332",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        444
      ],
      "description": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n  *  https://w4ke.info/2025/06/18/funky-chunks.html\n\n  *  https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.",
      "recommendation": "Upgrade org.eclipse.jetty:jetty-http to version 12.1.7, 12.0.33",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-2332"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-2332"
        },
        {
          "url": "https://github.com/jetty/jetty.project"
        },
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332"
        },
        {
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
        }
      ],
      "published": "2026-04-14T12:16:21+00:00",
      "updated": "2026-05-01T13:31:00+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.59",
          "versions": [
            {
              "version": "9.4.59",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.59",
          "versions": [
            {
              "version": "9.4.59",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#804d0a74-4abc-449f-8e42-d9fce0200791"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#804d0a74-4abc-449f-8e42-d9fce0200791"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#4505d5fd-5091-40f5-bc0b-c5c0a5f7ba39"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#4505d5fd-5091-40f5-bc0b-c5c0a5f7ba39"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#1519b4fb-f2a4-460b-a028-791a57b6c480"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#1519b4fb-f2a4-460b-a028-791a57b6c480"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#54c8c814-a8ea-4c59-b364-2f5d10dd70a7"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#54c8c814-a8ea-4c59-b364-2f5d10dd70a7"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0f1c42ce-7899-40b2-9159-0036b87a2c8d"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0f1c42ce-7899-40b2-9159-0036b87a2c8d"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#259c4ca6-2ec2-4b75-bb6a-cc285acbfbe8"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#259c4ca6-2ec2-4b75-bb6a-cc285acbfbe8"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#1254ddac-7013-4225-914f-532d47abcca5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#1254ddac-7013-4225-914f-532d47abcca5"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#aff99d82-3727-441a-9935-73d56a75281a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#aff99d82-3727-441a-9935-73d56a75281a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#15992307-0d00-49fe-bc19-7b518d7cb3c7"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#15992307-0d00-49fe-bc19-7b518d7cb3c7"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.eclipse.jetty/jetty-http@9.4.59"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0075a360-43ce-4bde-b963-c0aeea9ee473"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0075a360-43ce-4bde-b963-c0aeea9ee473"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#01b85791-353a-430d-ba9b-8ca366b6439f"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#01b85791-353a-430d-ba9b-8ca366b6439f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#01c39187-7edb-49d2-8109-907428cea87d"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#01c39187-7edb-49d2-8109-907428cea87d"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#174e81fd-d5a8-4210-837b-64ec7e5df54d"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#174e81fd-d5a8-4210-837b-64ec7e5df54d"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#172ac75b-fb5e-4d1e-9197-31a5a6bec05d"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#172ac75b-fb5e-4d1e-9197-31a5a6bec05d"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#29bb3dcf-2e86-42ba-aab4-e67a6a81b06e"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#29bb3dcf-2e86-42ba-aab4-e67a6a81b06e"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "protected_at_runtime",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33870",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        444
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.1.132.Final, 4.2.10.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33870"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33870"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
        },
        {
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        },
        {
          "url": "https://w4ke.info/2025/10/29/funky-chunks-2.html"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "url": "https://www.rfc-editor.org/rfc/rfc9110"
        }
      ],
      "published": "2026-03-27T20:16:34+00:00",
      "updated": "2026-03-30T20:12:16+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "protected_at_runtime",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33871",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        770
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of `CONTINUATION` frames. The server's lack of a limit on the number of `CONTINUATION` frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to cause excessive CPU consumption with minimal bandwidth, rendering the server unresponsive. Versions 4.1.132.Final and 4.2.10.Final fix the issue.",
      "recommendation": "Upgrade io.netty:netty-codec-http2 to version 4.1.132.Final, 4.2.11.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33871"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33871"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        }
      ],
      "published": "2026-03-27T20:16:34+00:00",
      "updated": "2026-03-30T20:10:17+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#08eba2d0-aae6-47ba-836d-7955f93b19bf"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#08eba2d0-aae6-47ba-836d-7955f93b19bf"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#11be54c0-fc3a-4fdc-90e9-4f23af49b73e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#11be54c0-fc3a-4fdc-90e9-4f23af49b73e"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#3574b7ee-6c84-48d3-8096-a3e4c1096384"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#3574b7ee-6c84-48d3-8096-a3e4c1096384"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#6198a049-3ef0-45cb-9527-93c725ffe2dd"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#6198a049-3ef0-45cb-9527-93c725ffe2dd"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#41831416-4600-4935-aee3-85dda742a4f6"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#41831416-4600-4935-aee3-85dda742a4f6"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0175589c-f266-4c58-a669-b8b78b8e4d4d"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0175589c-f266-4c58-a669-b8b78b8e4d4d"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2217680e-2dbb-40be-9aa7-b00d252b762d"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2217680e-2dbb-40be-9aa7-b00d252b762d"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#09ef7d54-1c35-422e-9a41-07084d7a94d1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#09ef7d54-1c35-422e-9a41-07084d7a94d1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#38e8fef7-95e9-4a8f-b600-a2358c0f945d"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#38e8fef7-95e9-4a8f-b600-a2358c0f945d"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#4df4d70b-85a8-49a2-9ce6-bcda9a7cd517"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#4df4d70b-85a8-49a2-9ce6-bcda9a7cd517"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#076d908a-559a-49ac-a6cc-562452bc7f24"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#076d908a-559a-49ac-a6cc-562452bc7f24"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#1f3c2294-3455-410a-81bb-f01a20cf3a00"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#1f3c2294-3455-410a-81bb-f01a20cf3a00"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b86bdf3-cf10-44eb-93c7-ebc49f5a1638"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b86bdf3-cf10-44eb-93c7-ebc49f5a1638"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#047b063c-8542-41ef-96d7-8c44a48f3048"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#047b063c-8542-41ef-96d7-8c44a48f3048"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#460774ee-0233-4bd2-b70e-104fe72b8cb4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#460774ee-0233-4bd2-b70e-104fe72b8cb4"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-40490",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        200
      ],
      "description": "The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and HTTPS-to-HTTP downgrades. Additionally, even when stripAuthorizationOnRedirect is set to true, the Realm object containing plaintext credentials is still propagated to the redirect request, causing credential re-generation for Basic and Digest authentication schemes via NettyRequestFactory. An attacker who controls a redirect target (via open redirect, DNS rebinding, or MITM on HTTP) can capture Bearer tokens, Basic auth credentials, or any other Authorization header value. The fix in versions 3.0.9 and 2.14.5 automatically strips Authorization and Proxy-Authorization headers and clears Realm credentials whenever a redirect crosses origin boundaries (different scheme, host, or port) or downgrades from HTTPS to HTTP. For users unable to upgrade, set `(stripAuthorizationOnRedirect(true))` in the client config and avoid using Realm-based authentication with redirect following enabled. Note that `(stripAuthorizationOnRedirect(true))` alone is insufficient on versions prior to 3.0.9 and 2.14.5 because the Realm bypass still re-generates credentials. Alternatively, disable redirect following (`followRedirect(false)`) and handle redirects manually with origin validation.",
      "recommendation": "Upgrade org.asynchttpclient:async-http-client to version 3.0.9, 2.14.5",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-40490"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-40490"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/commit/6b2fbb7f8"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-2.14.5"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-3.0.9"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40490"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40490"
        }
      ],
      "published": "2026-04-18T02:16:11+00:00",
      "updated": "2026-04-20T18:59:16+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#3851ee3b-134a-4505-b19a-674de674bf81"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#3851ee3b-134a-4505-b19a-674de674bf81"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#3851ee3b-134a-4505-b19a-674de674bf81"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#92d697d6-4906-4665-abe0-bda1413d3556"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#92d697d6-4906-4665-abe0-bda1413d3556"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#92d697d6-4906-4665-abe0-bda1413d3556"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#75416367-6040-4e5b-aa99-97f12c98844a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#75416367-6040-4e5b-aa99-97f12c98844a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#75416367-6040-4e5b-aa99-97f12c98844a"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#44f7f14b-4f97-4b34-8c55-1e87e77ca8d8"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#44f7f14b-4f97-4b34-8c55-1e87e77ca8d8"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#44f7f14b-4f97-4b34-8c55-1e87e77ca8d8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#166bf410-3dc4-44cc-8c29-97e75343bf5f"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#166bf410-3dc4-44cc-8c29-97e75343bf5f"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#166bf410-3dc4-44cc-8c29-97e75343bf5f"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#305c543b-4db6-4373-a2b4-d4cf6d243615"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#305c543b-4db6-4373-a2b4-d4cf6d243615"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#305c543b-4db6-4373-a2b4-d4cf6d243615"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#02decb48-03a6-4729-9851-ffa342246d06"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#02decb48-03a6-4729-9851-ffa342246d06"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#02decb48-03a6-4729-9851-ffa342246d06"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0167f350-d938-4425-8a09-70441e5560b2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0167f350-d938-4425-8a09-70441e5560b2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0167f350-d938-4425-8a09-70441e5560b2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#2d8f2aa7-22f6-4211-b089-da029c63c6cd"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#2d8f2aa7-22f6-4211-b089-da029c63c6cd"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#2d8f2aa7-22f6-4211-b089-da029c63c6cd"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1d016937-bd7d-448a-9dab-ff89579bd5e7"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1d016937-bd7d-448a-9dab-ff89579bd5e7"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1d016937-bd7d-448a-9dab-ff89579bd5e7"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0271e612-2b13-4535-8725-737e2a2d1936"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0271e612-2b13-4535-8725-737e2a2d1936"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0271e612-2b13-4535-8725-737e2a2d1936"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#11932c33-f160-466d-bbd6-4db5a57d80a8"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#11932c33-f160-466d-bbd6-4db5a57d80a8"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#11932c33-f160-466d-bbd6-4db5a57d80a8"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#155ead15-8434-49a8-bb6a-faced234300b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#155ead15-8434-49a8-bb6a-faced234300b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#155ead15-8434-49a8-bb6a-faced234300b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5d242a3a-75c1-4b36-af04-caa64f67a977"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5d242a3a-75c1-4b36-af04-caa64f67a977"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5d242a3a-75c1-4b36-af04-caa64f67a977"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#00ad9a78-91bb-48c7-9fbf-bb23e31b2c7c"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#00ad9a78-91bb-48c7-9fbf-bb23e31b2c7c"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#00ad9a78-91bb-48c7-9fbf-bb23e31b2c7c"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#14d6f8ca-60ed-4b12-8723-1d0ff0d6f7f6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#14d6f8ca-60ed-4b12-8723-1d0ff0d6f7f6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#14d6f8ca-60ed-4b12-8723-1d0ff0d6f7f6"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41409",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 9.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        502
      ],
      "description": "The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed.\n\n\n\n\nAffected versions are Apache MINA 2.0.0 <= 2.0.27, 2.1.0 <= 2.1.10, and 2.2.0 <= 2.2.5.\n\n\n\n\nThe problem is resolved in Apache MINA 2.0.28, 2.1.11, and 2.2.6 by \napplying the classname allowlist earlier.\n\n\n\n\nAffected are applications using Apache MINA that call IoBuffer.getObject().\n\n\n\n\nApplications using Apache MINA are advised to upgrade",
      "recommendation": "Upgrade org.apache.mina:mina-core to version 2.0.28, 2.1.11, 2.2.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41409"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41409"
        },
        {
          "url": "https://github.com/advisories/GHSA-76h9-2vwh-w278"
        },
        {
          "url": "https://github.com/apache/mina"
        },
        {
          "url": "https://lists.apache.org/thread/9ddvsq6c4l5bhwq8l14sob4f8qjvx5c9"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41409"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41409"
        }
      ],
      "published": "2026-04-27T10:16:09+00:00",
      "updated": "2026-04-29T19:08:07+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.0.27",
          "versions": [
            {
              "version": "2.0.27",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-41417",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "cwes": [
        93,
        444
      ],
      "description": "Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same validation. `HttpRequestEncoder` and `RtspEncoder` then write the URI into the request line verbatim. If attacker-controlled input reaches `setUri()`, this enables CRLF injection and insertion of additional HTTP or RTSP requests, leading to HTTP request smuggling or desynchronization on the HTTP side and request injection on the RTSP side. This issue is fixed in versions 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.1.133.Final, 4.2.13.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41417"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41417"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41417"
        }
      ],
      "published": "2026-05-06T22:16:25+00:00",
      "updated": "2026-05-11T14:29:48+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41635",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 9.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        502
      ],
      "description": "Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed.\n\n\n\n\nThe fix checks if the class is present in the accepted class filter\u00a0before calling\u00a0Class.forName().\u00a0\n\n\n\n\n\n\nAffected versions are Apache MINA 2.0.0 <= 2.0.27, 2.1.0 <= 2.1.10, and\n\n\n2.2.0 <= 2.2.5.\n\n\n\n\n\nThe problem is resolved in Apache MINA 2.0.28, 2.1.11, and 2.2.6 by \napplying the classname allowlist earlier.\n\n\n\n\n\nAffected are applications using Apache MINA that call\u00a0 IoBuffer.getObject().\n\n\n\n\n\nApplications using Apache MINA are advised to upgrade.",
      "recommendation": "Upgrade org.apache.mina:mina-core to version 2.0.28, 2.1.11, 2.2.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41635"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/27/4"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41635"
        },
        {
          "url": "https://github.com/apache/mina"
        },
        {
          "url": "https://lists.apache.org/thread/1l91w1mqsb3lwfd504fs045ylxntt2tm"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41635"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41635"
        }
      ],
      "published": "2026-04-27T09:16:01+00:00",
      "updated": "2026-04-29T19:08:21+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.0.27",
          "versions": [
            {
              "version": "2.0.27",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:maven/org.apache.mina/mina-core@2.0.27"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42578",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        113
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage() method creates headers using DefaultHttpHeadersFactory.headersFactory().withValidation(false), then adds user-provided outboundHeaders without any CRLF validation. This allows an attacker who can influence the outbound headers to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-handler-proxy to version 4.1.133.Final, 4.2.13.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42578"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42578"
        },
        {
          "url": "https://github.com/advisories/GHSA-84h7-rjj3-6jx4"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8401-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
        }
      ],
      "published": "2026-05-13T19:17:23+00:00",
      "updated": "2026-05-18T12:54:04+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#9428baea-4159-42a3-acdc-adb89864906b"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#9428baea-4159-42a3-acdc-adb89864906b"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#9428baea-4159-42a3-acdc-adb89864906b"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#9428baea-4159-42a3-acdc-adb89864906b"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#826fa0a9-26a5-4f72-a2e7-8a63f638a952"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#826fa0a9-26a5-4f72-a2e7-8a63f638a952"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#826fa0a9-26a5-4f72-a2e7-8a63f638a952"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#826fa0a9-26a5-4f72-a2e7-8a63f638a952"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#540839d0-b71f-48cb-8168-14b085e76c53"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#540839d0-b71f-48cb-8168-14b085e76c53"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#540839d0-b71f-48cb-8168-14b085e76c53"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#540839d0-b71f-48cb-8168-14b085e76c53"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#77b637c2-8923-4b4f-9542-ced517e26def"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#77b637c2-8923-4b4f-9542-ced517e26def"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#77b637c2-8923-4b4f-9542-ced517e26def"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#77b637c2-8923-4b4f-9542-ced517e26def"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#854f4244-b035-41c7-b238-c1e9c5b32656"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#854f4244-b035-41c7-b238-c1e9c5b32656"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#854f4244-b035-41c7-b238-c1e9c5b32656"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#854f4244-b035-41c7-b238-c1e9c5b32656"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#b9e35752-a874-4dc1-af81-877275a40a5d"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#b9e35752-a874-4dc1-af81-877275a40a5d"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#b9e35752-a874-4dc1-af81-877275a40a5d"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#b9e35752-a874-4dc1-af81-877275a40a5d"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#79795434-c0f0-4e9a-85c3-bc3b96cff4d4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#79795434-c0f0-4e9a-85c3-bc3b96cff4d4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#79795434-c0f0-4e9a-85c3-bc3b96cff4d4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#79795434-c0f0-4e9a-85c3-bc3b96cff4d4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#bd83a960-690d-4dcb-b71d-f5b353f1a8cb"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#bd83a960-690d-4dcb-b71d-f5b353f1a8cb"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#bd83a960-690d-4dcb-b71d-f5b353f1a8cb"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#bd83a960-690d-4dcb-b71d-f5b353f1a8cb"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#3322a5b8-7ae0-4413-b92d-f23c142f4070"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#3322a5b8-7ae0-4413-b92d-f23c142f4070"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#3322a5b8-7ae0-4413-b92d-f23c142f4070"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#3322a5b8-7ae0-4413-b92d-f23c142f4070"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#1937907c-5ec1-43b5-ad74-add8bd751f91"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#1937907c-5ec1-43b5-ad74-add8bd751f91"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#1937907c-5ec1-43b5-ad74-add8bd751f91"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#1937907c-5ec1-43b5-ad74-add8bd751f91"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#03e3b228-7892-4dfc-847e-2ec9806472f5"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#03e3b228-7892-4dfc-847e-2ec9806472f5"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#03e3b228-7892-4dfc-847e-2ec9806472f5"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#03e3b228-7892-4dfc-847e-2ec9806472f5"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0170139d-9dc7-4e46-8d0e-bf1e17f04ea6"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0170139d-9dc7-4e46-8d0e-bf1e17f04ea6"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0170139d-9dc7-4e46-8d0e-bf1e17f04ea6"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0170139d-9dc7-4e46-8d0e-bf1e17f04ea6"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#330a6163-7935-4267-b361-52c095d35a18"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#330a6163-7935-4267-b361-52c095d35a18"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#330a6163-7935-4267-b361-52c095d35a18"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#330a6163-7935-4267-b361-52c095d35a18"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#d17d5c7b-4ff9-4ca2-a53a-ebbfb6570961"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#d17d5c7b-4ff9-4ca2-a53a-ebbfb6570961"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#d17d5c7b-4ff9-4ca2-a53a-ebbfb6570961"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#d17d5c7b-4ff9-4ca2-a53a-ebbfb6570961"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#b7ae9385-ed55-47a2-b5a9-c45c3faf842c"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#b7ae9385-ed55-47a2-b5a9-c45c3faf842c"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#b7ae9385-ed55-47a2-b5a9-c45c3faf842c"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#b7ae9385-ed55-47a2-b5a9-c45c3faf842c"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#12a6db1a-f7b6-4791-b92e-978b0adb3148"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#12a6db1a-f7b6-4791-b92e-978b0adb3148"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#12a6db1a-f7b6-4791-b92e-978b0adb3148"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#12a6db1a-f7b6-4791-b92e-978b0adb3148"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#60ddb01f-802f-442c-adc0-f91eeb85efc1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#60ddb01f-802f-442c-adc0-f91eeb85efc1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#60ddb01f-802f-442c-adc0-f91eeb85efc1"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#60ddb01f-802f-442c-adc0-f91eeb85efc1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#21908573-5bc2-49db-818e-d3925532b3ff"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#21908573-5bc2-49db-818e-d3925532b3ff"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#21908573-5bc2-49db-818e-d3925532b3ff"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#21908573-5bc2-49db-818e-d3925532b3ff"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#430647ab-f6bd-48f7-a750-b23399c3ecc0"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#430647ab-f6bd-48f7-a750-b23399c3ecc0"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#430647ab-f6bd-48f7-a750-b23399c3ecc0"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#430647ab-f6bd-48f7-a750-b23399c3ecc0"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#239667b8-8e37-4b42-9ab7-8c3e6875594c"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#239667b8-8e37-4b42-9ab7-8c3e6875594c"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#239667b8-8e37-4b42-9ab7-8c3e6875594c"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#239667b8-8e37-4b42-9ab7-8c3e6875594c"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0adebdfc-2fe7-45c1-99d7-2919ee6e07d2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0adebdfc-2fe7-45c1-99d7-2919ee6e07d2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0adebdfc-2fe7-45c1-99d7-2919ee6e07d2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0adebdfc-2fe7-45c1-99d7-2919ee6e07d2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#02ec4110-b28e-4edb-89a3-8fbe502d06f4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#02ec4110-b28e-4edb-89a3-8fbe502d06f4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#02ec4110-b28e-4edb-89a3-8fbe502d06f4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#02ec4110-b28e-4edb-89a3-8fbe502d06f4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0352a03e-1292-46c8-b3d2-21630ccf133b"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0352a03e-1292-46c8-b3d2-21630ccf133b"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0352a03e-1292-46c8-b3d2-21630ccf133b"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0352a03e-1292-46c8-b3d2-21630ccf133b"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42579",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        20,
        400,
        626
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-dns to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42579"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42579"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
        },
        {
          "url": "https://tools.ietf.org/html/rfc1035#section-2.3.4"
        },
        {
          "url": "https://tools.ietf.org/html/rfc1035#section-4.1.4"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8401-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
        }
      ],
      "published": "2026-05-13T19:17:23+00:00",
      "updated": "2026-05-18T17:16:32+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#10c71cc9-24b6-4ab9-b45d-8b0409725dea"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#10c71cc9-24b6-4ab9-b45d-8b0409725dea"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#5ff209ec-e9de-447b-be29-1f1eee9d2272"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#5ff209ec-e9de-447b-be29-1f1eee9d2272"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#023c3916-5314-4aab-b7f7-317415ce55b1"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#023c3916-5314-4aab-b7f7-317415ce55b1"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#2020188d-0055-419a-b49d-971a54ed8ad4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#2020188d-0055-419a-b49d-971a54ed8ad4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#191f8d2c-725d-4567-bed8-723ab8118339"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#191f8d2c-725d-4567-bed8-723ab8118339"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0ef1fa53-8c87-4d63-8427-385a817aee41"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0ef1fa53-8c87-4d63-8427-385a817aee41"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#8cf973cd-8f0d-474b-a4f6-1dbb57e05882"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#8cf973cd-8f0d-474b-a4f6-1dbb57e05882"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#68305dc2-7f4b-4283-be2a-2f3890ebd818"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#68305dc2-7f4b-4283-be2a-2f3890ebd818"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1e4718af-ea1e-4748-809d-f1ff7b5c947d"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1e4718af-ea1e-4748-809d-f1ff7b5c947d"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0373b396-86d4-4de8-95ea-24c6b504afc7"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0373b396-86d4-4de8-95ea-24c6b504afc7"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#134be472-3724-415b-80a1-246c2245f1b4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#134be472-3724-415b-80a1-246c2245f1b4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#219678d6-39ff-4b50-8055-b2ca27420ea0"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#219678d6-39ff-4b50-8055-b2ca27420ea0"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#17344faa-9d61-4861-a98a-8bf19ed404da"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#17344faa-9d61-4861-a98a-8bf19ed404da"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#354dd52d-cdcc-47b1-8174-8e7da2bb1969"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#354dd52d-cdcc-47b1-8174-8e7da2bb1969"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#2dd9e20c-b0ad-4ca4-95d1-fa9e09b62486"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#2dd9e20c-b0ad-4ca4-95d1-fa9e09b62486"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42580",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "cwes": [
        190,
        444
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42580"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42580"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42580"
        }
      ],
      "published": "2026-05-13T19:17:23+00:00",
      "updated": "2026-05-18T14:03:25+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42581",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.2,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        444
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent for HTTP/1.0. An attacker that sends an HTTP/1.0 request with both headers causes Netty to decode the body as chunked while leaving Content-Length intact in the forwarded HttpMessage. Any downstream proxy or handler that trusts Content-Length over Transfer-Encoding will disagree on message boundaries, enabling request smuggling. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42581"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42581"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8401-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
        }
      ],
      "published": "2026-05-13T19:17:23+00:00",
      "updated": "2026-05-18T13:14:18+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42583",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        400,
        770
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec to version 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42583"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
        }
      ],
      "published": "2026-05-13T19:17:23+00:00",
      "updated": "2026-05-18T12:22:15+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.132.Final",
          "versions": [
            {
              "version": "4.1.132.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#020e5108-7552-4475-b393-e5b342dd79f8"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#020e5108-7552-4475-b393-e5b342dd79f8"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#020e5108-7552-4475-b393-e5b342dd79f8"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#020e5108-7552-4475-b393-e5b342dd79f8"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#16b7410a-c86f-4f37-8a7b-d126a0963f5d"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#16b7410a-c86f-4f37-8a7b-d126a0963f5d"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#16b7410a-c86f-4f37-8a7b-d126a0963f5d"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#16b7410a-c86f-4f37-8a7b-d126a0963f5d"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#76cdcf92-6516-4e8b-ae96-c97b3306cea6"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#76cdcf92-6516-4e8b-ae96-c97b3306cea6"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#76cdcf92-6516-4e8b-ae96-c97b3306cea6"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#76cdcf92-6516-4e8b-ae96-c97b3306cea6"
        },
        {
          "ref": "urn:cdx:79822606-80bb-4b4a-b189-2083c09a8497/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#29e40de0-c4f1-4c34-b09e-2dec8109337b"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#29e40de0-c4f1-4c34-b09e-2dec8109337b"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#29e40de0-c4f1-4c34-b09e-2dec8109337b"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#29e40de0-c4f1-4c34-b09e-2dec8109337b"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#aac188e8-45ea-456d-9865-b436bcd80eb5"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#aac188e8-45ea-456d-9865-b436bcd80eb5"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#aac188e8-45ea-456d-9865-b436bcd80eb5"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#aac188e8-45ea-456d-9865-b436bcd80eb5"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#0b57fa9d-9ba3-4774-b144-983bb8caf695"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#0b57fa9d-9ba3-4774-b144-983bb8caf695"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#0b57fa9d-9ba3-4774-b144-983bb8caf695"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#0b57fa9d-9ba3-4774-b144-983bb8caf695"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#55f0f6c1-5225-4bad-89ef-c128b515a77a"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#55f0f6c1-5225-4bad-89ef-c128b515a77a"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#55f0f6c1-5225-4bad-89ef-c128b515a77a"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#55f0f6c1-5225-4bad-89ef-c128b515a77a"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#271a3bcb-fb11-4f11-9827-737a6e65f093"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#271a3bcb-fb11-4f11-9827-737a6e65f093"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#271a3bcb-fb11-4f11-9827-737a6e65f093"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#271a3bcb-fb11-4f11-9827-737a6e65f093"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5e52be71-e31b-4e84-9e65-7aac060adf15"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5e52be71-e31b-4e84-9e65-7aac060adf15"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5e52be71-e31b-4e84-9e65-7aac060adf15"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5e52be71-e31b-4e84-9e65-7aac060adf15"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#53599282-a9ea-4fa2-8c2a-c587640afe67"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#53599282-a9ea-4fa2-8c2a-c587640afe67"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#53599282-a9ea-4fa2-8c2a-c587640afe67"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#53599282-a9ea-4fa2-8c2a-c587640afe67"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0e16317b-e42f-4fe7-b6fe-707884870664"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0e16317b-e42f-4fe7-b6fe-707884870664"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0e16317b-e42f-4fe7-b6fe-707884870664"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0e16317b-e42f-4fe7-b6fe-707884870664"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#018181c5-d852-48e0-ac64-339c2b2c0145"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#018181c5-d852-48e0-ac64-339c2b2c0145"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#018181c5-d852-48e0-ac64-339c2b2c0145"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#018181c5-d852-48e0-ac64-339c2b2c0145"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#88b95e2f-14eb-41be-b24f-be8a69382383"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#88b95e2f-14eb-41be-b24f-be8a69382383"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#88b95e2f-14eb-41be-b24f-be8a69382383"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#88b95e2f-14eb-41be-b24f-be8a69382383"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1a5f3671-836e-4d45-b891-65068faeb37d"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1a5f3671-836e-4d45-b891-65068faeb37d"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1a5f3671-836e-4d45-b891-65068faeb37d"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1a5f3671-836e-4d45-b891-65068faeb37d"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4676d060-d178-4f36-991b-7bce796168e3"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4676d060-d178-4f36-991b-7bce796168e3"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4676d060-d178-4f36-991b-7bce796168e3"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4676d060-d178-4f36-991b-7bce796168e3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#00505d63-404e-4c8d-916a-21d62324af7f"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#00505d63-404e-4c8d-916a-21d62324af7f"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#00505d63-404e-4c8d-916a-21d62324af7f"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#00505d63-404e-4c8d-916a-21d62324af7f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#481522ed-e931-4a5f-8b0f-8719bb2117c0"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#481522ed-e931-4a5f-8b0f-8719bb2117c0"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#481522ed-e931-4a5f-8b0f-8719bb2117c0"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#481522ed-e931-4a5f-8b0f-8719bb2117c0"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3516a721-ef40-45f2-b373-04014b1edf21"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3516a721-ef40-45f2-b373-04014b1edf21"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3516a721-ef40-45f2-b373-04014b1edf21"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3516a721-ef40-45f2-b373-04014b1edf21"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1cfae8ea-ea18-47ea-a026-9aff593bd49c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1cfae8ea-ea18-47ea-a026-9aff593bd49c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1cfae8ea-ea18-47ea-a026-9aff593bd49c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1cfae8ea-ea18-47ea-a026-9aff593bd49c"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#28407922-40f9-462a-b405-be324368cccb"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#28407922-40f9-462a-b405-be324368cccb"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#28407922-40f9-462a-b405-be324368cccb"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#28407922-40f9-462a-b405-be324368cccb"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#04fd0050-1601-4aad-bdb3-3a5e57d18be2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#04fd0050-1601-4aad-bdb3-3a5e57d18be2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#04fd0050-1601-4aad-bdb3-3a5e57d18be2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#04fd0050-1601-4aad-bdb3-3a5e57d18be2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#22dab522-d166-4e95-a64c-fae73339c0dc"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#22dab522-d166-4e95-a64c-fae73339c0dc"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#22dab522-d166-4e95-a64c-fae73339c0dc"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#22dab522-d166-4e95-a64c-fae73339c0dc"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/io.netty/netty-codec@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#524a7131-876f-4eb2-b10b-5961fbe20fc6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#524a7131-876f-4eb2-b10b-5961fbe20fc6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#524a7131-876f-4eb2-b10b-5961fbe20fc6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#524a7131-876f-4eb2-b10b-5961fbe20fc6"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42584",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        444
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, then 200 with GET body, then 200 for HEAD, the queue pairs HEAD with the first 200. The HEAD rule then skips reading that message\u2019s body, so the GET entity bytes stay on the stream and the following 200 is parsed from the wrong offset. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42584"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42584"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8401-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
        }
      ],
      "published": "2026-05-13T19:17:24+00:00",
      "updated": "2026-05-18T12:15:02+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42585",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        444
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42585"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42585"
        },
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8401-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
        }
      ],
      "published": "2026-05-13T19:17:24+00:00",
      "updated": "2026-05-18T12:24:23+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42586",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\\r\\n) characters. Since the Redis Serialization Protocol (RESP) uses CRLF as the command/response delimiter, an attacker who can control the content of a Redis message can inject arbitrary Redis commands or forge fake responses. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-redis to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42586"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42586"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-rgrr-p7gp-5xj7"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42586"
        },
        {
          "url": "https://redis.io/docs/reference/protocol-spec"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8401-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42586"
        }
      ],
      "published": "2026-05-13T19:17:24+00:00",
      "updated": "2026-05-18T18:02:43+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-redis@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-redis@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#19e02f82-a33b-400a-a78f-7a42d39c7333"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#19e02f82-a33b-400a-a78f-7a42d39c7333"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3954e0d1-a6be-4588-95ad-2b267e71a04c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3954e0d1-a6be-4588-95ad-2b267e71a04c"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7179412b-3b12-47d1-8148-a14e6c483225"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7179412b-3b12-47d1-8148-a14e6c483225"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#06b85f66-aad4-4f82-b7b8-39fa3403c7d1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#06b85f66-aad4-4f82-b7b8-39fa3403c7d1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#007951e5-9396-4839-b490-6b6e495895b4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#007951e5-9396-4839-b490-6b6e495895b4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#255a27f1-5c7b-4425-9a92-51f7f8defcf5"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#255a27f1-5c7b-4425-9a92-51f7f8defcf5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#52d0ef1b-8479-4901-a80b-0c9c812a13a8"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#52d0ef1b-8479-4901-a80b-0c9c812a13a8"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0ab543c9-23d1-4878-90cf-17c32e4c1aae"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0ab543c9-23d1-4878-90cf-17c32e4c1aae"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0b7049ec-5406-4518-b3ac-01368f81b20f"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0b7049ec-5406-4518-b3ac-01368f81b20f"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#7acd6596-2603-4e4c-bd5e-bca08c2e7d54"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#7acd6596-2603-4e4c-bd5e-bca08c2e7d54"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1bfb2e1a-bfaf-4b02-a33f-2d278b659de2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1bfb2e1a-bfaf-4b02-a33f-2d278b659de2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#23b98e4d-8de0-49f4-b513-9cb5a9081b6e"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#23b98e4d-8de0-49f4-b513-9cb5a9081b6e"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#06b153fd-9692-48db-8624-5e2e661cdad7"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#06b153fd-9692-48db-8624-5e2e661cdad7"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#394d7b5d-beb8-4347-81d3-15ee67a80587"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#394d7b5d-beb8-4347-81d3-15ee67a80587"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#6501deda-791f-4f7d-811d-1a522ba6cba5"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#6501deda-791f-4f7d-811d-1a522ba6cba5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42587",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        400
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final, 4.1.133.Final; Upgrade io.netty:netty-codec-http2 to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42587"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42587"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
        }
      ],
      "published": "2026-05-13T19:17:24+00:00",
      "updated": "2026-05-18T12:20:06+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#08eba2d0-aae6-47ba-836d-7955f93b19bf"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#08eba2d0-aae6-47ba-836d-7955f93b19bf"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#07fb334d-8d42-4e2e-8551-d7eedc2b1a5f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#015a204e-09f7-4a9a-ba31-f2f4f96995c5"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#11be54c0-fc3a-4fdc-90e9-4f23af49b73e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#11be54c0-fc3a-4fdc-90e9-4f23af49b73e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#85f9a56f-17a3-46e2-83ea-3c10345cd474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#3574b7ee-6c84-48d3-8096-a3e4c1096384"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#3574b7ee-6c84-48d3-8096-a3e4c1096384"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#06675169-7b62-4db0-a1bf-6d8001bb55b0"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#14352f67-e4d3-485a-ac71-9c27d310fee7"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3f0e56f3-6fc9-411c-9230-668be07ab2b9"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#86695446-aa37-423b-8017-b6982c44c9e8"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#6198a049-3ef0-45cb-9527-93c725ffe2dd"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#6198a049-3ef0-45cb-9527-93c725ffe2dd"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#013bdf41-15f8-4f1e-aa06-1db5125f9108"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#3f7583db-9dbb-4ed8-85b1-b4e161be5bb9"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#41831416-4600-4935-aee3-85dda742a4f6"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#41831416-4600-4935-aee3-85dda742a4f6"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0216dbe4-5296-47cf-b676-233a32632e4b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0175589c-f266-4c58-a669-b8b78b8e4d4d"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0175589c-f266-4c58-a669-b8b78b8e4d4d"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#07a48415-52c4-49a5-878c-5c6d1546a0fc"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2217680e-2dbb-40be-9aa7-b00d252b762d"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2217680e-2dbb-40be-9aa7-b00d252b762d"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#11a19200-2523-4fc5-a1b0-054cfa6a319a"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#09ef7d54-1c35-422e-9a41-07084d7a94d1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#09ef7d54-1c35-422e-9a41-07084d7a94d1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#040e80d0-4c80-43f6-9a75-f023a4ba43c0"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#343818bc-518c-4992-9866-987e117f238e"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#38e8fef7-95e9-4a8f-b600-a2358c0f945d"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#38e8fef7-95e9-4a8f-b600-a2358c0f945d"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2a4f4228-1ba6-493d-9432-5ad99288e4c2"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#019615f8-71c9-48a5-8867-5e30ec424502"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#4df4d70b-85a8-49a2-9ce6-bcda9a7cd517"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#4df4d70b-85a8-49a2-9ce6-bcda9a7cd517"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#33f73744-5e1c-4679-8c47-d9b0b1ce5ea6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#076d908a-559a-49ac-a6cc-562452bc7f24"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#076d908a-559a-49ac-a6cc-562452bc7f24"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#05526441-bc12-4bf2-b028-43e31b6ede98"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#1f3c2294-3455-410a-81bb-f01a20cf3a00"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#1f3c2294-3455-410a-81bb-f01a20cf3a00"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#236cf401-7194-4015-9284-c9e8541a3c1f"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b86bdf3-cf10-44eb-93c7-ebc49f5a1638"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b86bdf3-cf10-44eb-93c7-ebc49f5a1638"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0a83600b-9ede-4fd2-8039-f7bf87316ae2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#047b063c-8542-41ef-96d7-8c44a48f3048"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#047b063c-8542-41ef-96d7-8c44a48f3048"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#128875d4-4aed-44a0-95ad-230ea738c0e8"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#460774ee-0233-4bd2-b70e-104fe72b8cb4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#460774ee-0233-4bd2-b70e-104fe72b8cb4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#059e35c4-67e8-492f-a20c-24dce3f85154"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42778",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 9.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        502
      ],
      "description": "The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description:\n\n\n\n\nThe fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed.\n\n\n\n\nAffected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6.\n\n\n\n\nThe problem is resolved in Apache MINA 2.1.12, and 2.2.7 by \napplying the classname allowlist earlier.\n\n\n\n\nAffected are applications using Apache MINA that call IoBuffer.getObject().\n\n\n\n\nApplications using Apache MINA are advised to upgrade\n\n\n\n\n\n\nThe fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed.\n\n\n\n\nAffected versions are Apache MINA 2.1.0 <= 2.1.110, and 2.2.0 <= 2.2.6.\n\n\n\n\nThe problem is resolved in Apache MINA 2.1.12, and 2.2.7 by \napplying the classname allowlist earlier.\n\n\n\n\nAffected are applications using Apache MINA that call IoBuffer.getObject().\n\n\n\n\nApplications using Apache MINA are advised to upgrade",
      "recommendation": "Upgrade org.apache.mina:mina-core to version 2.1.12, 2.2.7",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42778"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42778"
        },
        {
          "url": "https://github.com/advisories/GHSA-76h9-2vwh-w278"
        },
        {
          "url": "https://github.com/advisories/GHSA-f2wh-grmh-r6jm"
        },
        {
          "url": "https://github.com/apache/mina"
        },
        {
          "url": "https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42778"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42778"
        }
      ],
      "published": "2026-05-01T11:16:19+00:00",
      "updated": "2026-05-01T17:55:49+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42779",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 9.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        502
      ],
      "description": "The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description:\n\n\n\n\n\n\n\n\n\n\n\nApache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed.\n\n\n\n\nThe fix checks if the class is present in the accepted class filter before calling Class.forName(). \n\n\n\n\n\n\nAffected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6.\n\n\n\n\n\nThe problem is resolved in Apache MINA 2.1.12, and 2.2.7 by \napplying the classname allowlist earlier.\n\n\n\n\n\nAffected are applications using Apache MINA that call  IoBuffer.getObject().\n\n\n\n\n\nApplications using Apache MINA are advised to upgrade.",
      "recommendation": "Upgrade org.apache.mina:mina-core to version 2.1.12, 2.2.7",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42779"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42779"
        },
        {
          "url": "https://github.com/advisories/GHSA-8297-v2rf-2p32"
        },
        {
          "url": "https://github.com/apache/mina"
        },
        {
          "url": "https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42779"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42779"
        }
      ],
      "published": "2026-05-01T11:16:19+00:00",
      "updated": "2026-05-01T17:55:28+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.mina/mina-core@2.2.4",
          "versions": [
            {
              "version": "2.2.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#cab07822-2af8-4c7d-a354-5f1cdd8941c0"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1e0f3387-30a4-4592-94af-04ef480a8a27/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#355c8d39-261f-41c4-b4ec-51cf71103a0a"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:4054bf22-6d54-48d8-bc9f-84b7b1397c4c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#17d8bd62-7f5f-49a1-b38a-df69aa8c2a71"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5bcbb3ee-bd3e-4e80-be6f-27de11e0c797"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#5ad0136f-502c-41bb-af4a-e96fa536f3ca"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#002ea9ff-91a3-42f0-a5dc-65bd7f8a588b"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#00c4fda8-c10b-4298-aa26-1ffa9a6f3856"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55de3ce8-b994-41a4-8324-a1e20f62f176"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#41a45fe0-c3bb-49e2-9bd7-7541f0f9e9e3"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.mina/mina-core@2.2.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#1eea5c3f-c2eb-4e13-813d-3c76bb5af3af"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#400e064d-209c-4336-a09b-da1fce2671d3"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0151c791-ea8e-4043-8b35-773c4216a03b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0c636908-87f5-4b4a-895a-d31103fee46b"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0a5728a2-9518-468e-bfb6-473564b72615"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#382629c8-c0cb-4731-bfc0-82ed00b109b9"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-44248",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        400
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is called before the bytesRemainingBeforeVariableHeader > maxBytesInMessage check. The decodeVariableHeader() can call other methods which will call decodeProperties(). Effectively, Netty does not apply any limits to the size of the properties being decoded. Additionally, because MqttDecoder extends ReplayingDecoder, Netty will repeatedly re-parse the enormous Properties sections and buffer the bytes in memory, until the entire thing parses to completion. This can cause high resource usage in both CPU and memory. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-mqtt to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44248"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-44248"
        },
        {
          "url": "https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901027"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44248"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44248"
        }
      ],
      "published": "2026-05-13T19:17:27+00:00",
      "updated": "2026-05-18T12:15:48+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#02a34eb6-eaa0-4039-9d65-4ee5fdd634cc"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#02a34eb6-eaa0-4039-9d65-4ee5fdd634cc"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6d248f4f-7be7-4785-a07a-cc7022195000"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6d248f4f-7be7-4785-a07a-cc7022195000"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#18652b6d-a6d6-48a0-9682-1b9bdcf035fb"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#18652b6d-a6d6-48a0-9682-1b9bdcf035fb"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4a0b75c5-85f2-4ef4-9381-46ab02f676dc"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4a0b75c5-85f2-4ef4-9381-46ab02f676dc"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#042eb709-adb7-4562-8214-6cd55efe5d41"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#042eb709-adb7-4562-8214-6cd55efe5d41"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0e744a98-2a59-41fa-ae20-001a56267eb5"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0e744a98-2a59-41fa-ae20-001a56267eb5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2b25b1b2-f294-4d34-9f64-4bbd06383237"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2b25b1b2-f294-4d34-9f64-4bbd06383237"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#00f3010c-bb58-48a7-9fe6-b72dbf8da531"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#00f3010c-bb58-48a7-9fe6-b72dbf8da531"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-mqtt@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#48d6018a-04f1-4b50-b0e8-c5d19d427884"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#48d6018a-04f1-4b50-b0e8-c5d19d427884"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0c13bec2-89e8-48ee-a231-ca8697f642d6"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0c13bec2-89e8-48ee-a231-ca8697f642d6"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#0293a6b8-33a2-4d82-8f5b-213e8bb6a83b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#0293a6b8-33a2-4d82-8f5b-213e8bb6a83b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#06cdade1-638b-4a1a-8e0f-d2f9abda5408"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#06cdade1-638b-4a1a-8e0f-d2f9abda5408"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#28066477-cd24-4ded-a509-376c85d55a0d"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#28066477-cd24-4ded-a509-376c85d55a0d"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0ee656e3-cc63-49c8-a6cd-3f12f42811c4"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0ee656e3-cc63-49c8-a6cd-3f12f42811c4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#a05df8f4-ea74-4ce9-a59b-91b08dbedd58"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#a05df8f4-ea74-4ce9-a59b-91b08dbedd58"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-44249",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 8.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "description": "### Summary\nAn attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions.\n\n### Details\n`io.netty.handler.ipfilter.IpSubnetFilterRule#compareTo(java.net.InetSocketAddress)` method performs a bitwise AND between the incoming IP address and the configured networkAddress, instead of the subnetMask.\n\n### Impact\nAccess Control Bypass. Attacker can bypass IpSubnetFilter IPv6 access controls.",
      "recommendation": "Upgrade io.netty:netty-handler to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44249"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.132.Final",
          "versions": [
            {
              "version": "4.1.132.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:79822606-80bb-4b4a-b189-2083c09a8497/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-44250",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "### Summary\nAn attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError.\n\n### Details\nio.netty.handler.codec.redis.RedisArrayAggregator aggregates RedisMessage parts into ArrayRedisMessage. It uses a `Deque<AggregateState>` to keep track of nested arrays. However, it does not limit the maximum depth of nested arrays. When an attacker sends a continuous stream of nested array headers (e.g., `*1\\r\\n*1\\r\\n*1\\r\\n...`), RedisArrayAggregator pushes a `new AggregateState` onto the stack and allocates a `new ArrayList` for each header. Because there is no depth limit, an attacker can send millions of such headers. This consumes a massive amount of heap memory for the AggregateState instances and their backing ArrayLists, eventually resulting in an OutOfMemoryError.\n\n### Impact\nDenial of Service due to memory exhaustion. Any application using Netty's RedisArrayAggregator to handle untrusted Redis traffic is vulnerable.",
      "recommendation": "Upgrade io.netty:netty-codec-redis to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44250"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-redis@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-redis@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#19e02f82-a33b-400a-a78f-7a42d39c7333"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#19e02f82-a33b-400a-a78f-7a42d39c7333"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3954e0d1-a6be-4588-95ad-2b267e71a04c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3954e0d1-a6be-4588-95ad-2b267e71a04c"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7179412b-3b12-47d1-8148-a14e6c483225"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7179412b-3b12-47d1-8148-a14e6c483225"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#06b85f66-aad4-4f82-b7b8-39fa3403c7d1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#06b85f66-aad4-4f82-b7b8-39fa3403c7d1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#007951e5-9396-4839-b490-6b6e495895b4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#007951e5-9396-4839-b490-6b6e495895b4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#255a27f1-5c7b-4425-9a92-51f7f8defcf5"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#255a27f1-5c7b-4425-9a92-51f7f8defcf5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#52d0ef1b-8479-4901-a80b-0c9c812a13a8"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#52d0ef1b-8479-4901-a80b-0c9c812a13a8"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0ab543c9-23d1-4878-90cf-17c32e4c1aae"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0ab543c9-23d1-4878-90cf-17c32e4c1aae"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0b7049ec-5406-4518-b3ac-01368f81b20f"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0b7049ec-5406-4518-b3ac-01368f81b20f"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#7acd6596-2603-4e4c-bd5e-bca08c2e7d54"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#7acd6596-2603-4e4c-bd5e-bca08c2e7d54"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1bfb2e1a-bfaf-4b02-a33f-2d278b659de2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1bfb2e1a-bfaf-4b02-a33f-2d278b659de2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#23b98e4d-8de0-49f4-b513-9cb5a9081b6e"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#23b98e4d-8de0-49f4-b513-9cb5a9081b6e"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#06b153fd-9692-48db-8624-5e2e661cdad7"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#06b153fd-9692-48db-8624-5e2e661cdad7"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#394d7b5d-beb8-4347-81d3-15ee67a80587"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#394d7b5d-beb8-4347-81d3-15ee67a80587"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#6501deda-791f-4f7d-811d-1a522ba6cba5"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#6501deda-791f-4f7d-811d-1a522ba6cba5"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-44890",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "### Summary\nAn attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\\r\\n`. This exhausts the server's direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed.\n\n### Details\nio.netty.handler.codec.redis.RedisDecoder decodes the length of bulk strings and array headers using the `decodeLength` method. This method reads bytes from the network until it encounters a `\\n` character. However, it does not enforce any maximum length check while buffering the bytes if the `\\n` character is not found. An attacker can exploit this by sending a continuous stream of digits (e.g., `$1111...`) without ever sending a `\\n`.\n\nTo cause a true Denial of Service, an attacker must open multiple concurrent connections and distribute the unbounded payloads among them.\n\nAccording to the RESP specification (https://redis.io/docs/latest/develop/reference/protocol-spec/), all parts of the protocol are strictly terminated with `\\r\\n`. Furthermore, the length prefix itself is an integer representation that must fit within standard numeric limits (e.g., a 64-bit signed integer). Therefore, a stream of digits exceeding these bounds without `\\r\\n` is a protocol violation and should be rejected immediately rather than buffered indefinitely.\n\n### Impact\nDenial of Service due to memory exhaustion. Any application using Netty's RedisDecoder to handle untrusted Redis traffic is vulnerable.",
      "recommendation": "Upgrade io.netty:netty-codec-redis to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44890"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-redis@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-redis@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#19e02f82-a33b-400a-a78f-7a42d39c7333"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#19e02f82-a33b-400a-a78f-7a42d39c7333"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3954e0d1-a6be-4588-95ad-2b267e71a04c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3954e0d1-a6be-4588-95ad-2b267e71a04c"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7179412b-3b12-47d1-8148-a14e6c483225"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#7179412b-3b12-47d1-8148-a14e6c483225"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#06b85f66-aad4-4f82-b7b8-39fa3403c7d1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#06b85f66-aad4-4f82-b7b8-39fa3403c7d1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#007951e5-9396-4839-b490-6b6e495895b4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#007951e5-9396-4839-b490-6b6e495895b4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#255a27f1-5c7b-4425-9a92-51f7f8defcf5"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#255a27f1-5c7b-4425-9a92-51f7f8defcf5"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#52d0ef1b-8479-4901-a80b-0c9c812a13a8"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#52d0ef1b-8479-4901-a80b-0c9c812a13a8"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0ab543c9-23d1-4878-90cf-17c32e4c1aae"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0ab543c9-23d1-4878-90cf-17c32e4c1aae"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-redis@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0b7049ec-5406-4518-b3ac-01368f81b20f"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#0b7049ec-5406-4518-b3ac-01368f81b20f"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#7acd6596-2603-4e4c-bd5e-bca08c2e7d54"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#7acd6596-2603-4e4c-bd5e-bca08c2e7d54"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1bfb2e1a-bfaf-4b02-a33f-2d278b659de2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1bfb2e1a-bfaf-4b02-a33f-2d278b659de2"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#23b98e4d-8de0-49f4-b513-9cb5a9081b6e"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#23b98e4d-8de0-49f4-b513-9cb5a9081b6e"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#06b153fd-9692-48db-8624-5e2e661cdad7"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#06b153fd-9692-48db-8624-5e2e661cdad7"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#394d7b5d-beb8-4347-81d3-15ee67a80587"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#394d7b5d-beb8-4347-81d3-15ee67a80587"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#6501deda-791f-4f7d-811d-1a522ba6cba5"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#6501deda-791f-4f7d-811d-1a522ba6cba5"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-44893",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released.",
      "recommendation": "Upgrade io.netty:netty-codec-haproxy to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44893"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#592220d3-d7c3-40f1-b122-82609f9fca9e"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#592220d3-d7c3-40f1-b122-82609f9fca9e"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#09babce3-9c19-48bc-a2a8-a7c4447df9eb"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#09babce3-9c19-48bc-a2a8-a7c4447df9eb"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#5e4ca9fa-90ea-4d13-a8ff-a0786b119273"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#5e4ca9fa-90ea-4d13-a8ff-a0786b119273"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#50a94483-1cb0-47de-9c41-32824d360aff"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#50a94483-1cb0-47de-9c41-32824d360aff"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#07294092-99e5-46e3-89de-f82bb528558b"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#07294092-99e5-46e3-89de-f82bb528558b"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2d04be07-cced-4103-968d-58a4e3ba5472"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2d04be07-cced-4103-968d-58a4e3ba5472"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#a84608b8-8edf-4e54-aae1-201d22612b4c"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#a84608b8-8edf-4e54-aae1-201d22612b4c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#264cf9c5-2e83-44ab-a850-06fbe0f9a776"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#264cf9c5-2e83-44ab-a850-06fbe0f9a776"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#b1663245-0c2a-4aaa-8ed3-41aa992af48a"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#b1663245-0c2a-4aaa-8ed3-41aa992af48a"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-haproxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#2d61b1f2-f684-44ad-9263-54c534e301e5"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#2d61b1f2-f684-44ad-9263-54c534e301e5"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#40bd610e-6bd6-4776-8450-330480e0f5a4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#40bd610e-6bd6-4776-8450-330480e0f5a4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#24d0fb16-f094-4315-b8a6-7a4228c2deaf"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#24d0fb16-f094-4315-b8a6-7a4228c2deaf"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#40e5857b-95af-4b21-94ef-4ca8b9474e68"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#40e5857b-95af-4b21-94ef-4ca8b9474e68"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#70ae7048-01e8-4962-8c90-ecc11fe5d7cb"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#70ae7048-01e8-4962-8c90-ecc11fe5d7cb"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#7a7d6138-0995-49bb-b970-2b176b4e2b22"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#7a7d6138-0995-49bb-b970-2b176b4e2b22"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-45292",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        770
      ],
      "description": "opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, the effect can fan out to downstream services that never received the original malicious request. This vulnerability is fixed in 1.62.0.",
      "recommendation": "Upgrade io.opentelemetry:opentelemetry-api to version 1.62.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45292"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-45292"
        },
        {
          "url": "https://github.com/open-telemetry/opentelemetry-java"
        },
        {
          "url": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f"
        },
        {
          "url": "https://github.com/open-telemetry/opentelemetry-java/pull/8380"
        },
        {
          "url": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0"
        },
        {
          "url": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45292"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45292"
        }
      ],
      "published": "2026-05-28T17:16:32+00:00",
      "updated": "2026-05-29T15:42:56+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1",
          "versions": [
            {
              "version": "1.30.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#1def90a1-5a1b-4e95-9172-342d636fbb40"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#42040c3f-9753-4407-ae08-30b9438be7c4"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#018bc97e-ca38-4de5-b78a-957db10f99a0"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#5383e286-88b5-4793-ab8f-c02e424a7625"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.opentelemetry/opentelemetry-api@1.30.1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#17cf8489-2d48-4e4c-9dc3-d72dac1b3fa7"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3e1de03b-8784-492c-9784-a133534ee52d"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#566d8b40-4cac-47fd-9ae0-745f4a80756e"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5c1642cd-5bb9-4a22-82b3-b67103fc731a"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#060db3ea-3553-49fd-995b-0389e35c6c9e"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#169173b6-0b16-4066-90a0-054b13655ceb"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-45300",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        200
      ],
      "description": "The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Cookie` headers to cross-origin redirect targets. When following a redirect to a different origin, the `propagatedHeaders()` method in `Redirect30xInterceptor.java` strips `Authorization` and `Proxy-Authorization` headers but does not strip the `Cookie` header, causing session cookies and other sensitive cookie values to be sent to attacker-controlled servers. Versions 2.15.0 and 3.0.10 patch the issue.",
      "recommendation": "Upgrade org.asynchttpclient:async-http-client to version 3.0.10, 2.15.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45300"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/commit/3b0e3e9e"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-3.0.10"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-fmxf-pm6p-7xgm"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45300"
        }
      ],
      "published": "2026-06-05T20:17:31+00:00",
      "updated": "2026-06-08T18:37:41+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#3851ee3b-134a-4505-b19a-674de674bf81"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#3851ee3b-134a-4505-b19a-674de674bf81"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#3851ee3b-134a-4505-b19a-674de674bf81"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#92d697d6-4906-4665-abe0-bda1413d3556"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#92d697d6-4906-4665-abe0-bda1413d3556"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#92d697d6-4906-4665-abe0-bda1413d3556"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#75416367-6040-4e5b-aa99-97f12c98844a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#75416367-6040-4e5b-aa99-97f12c98844a"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#75416367-6040-4e5b-aa99-97f12c98844a"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#44f7f14b-4f97-4b34-8c55-1e87e77ca8d8"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#44f7f14b-4f97-4b34-8c55-1e87e77ca8d8"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#44f7f14b-4f97-4b34-8c55-1e87e77ca8d8"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#166bf410-3dc4-44cc-8c29-97e75343bf5f"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#166bf410-3dc4-44cc-8c29-97e75343bf5f"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#166bf410-3dc4-44cc-8c29-97e75343bf5f"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#305c543b-4db6-4373-a2b4-d4cf6d243615"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#305c543b-4db6-4373-a2b4-d4cf6d243615"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#305c543b-4db6-4373-a2b4-d4cf6d243615"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#02decb48-03a6-4729-9851-ffa342246d06"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#02decb48-03a6-4729-9851-ffa342246d06"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#02decb48-03a6-4729-9851-ffa342246d06"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0167f350-d938-4425-8a09-70441e5560b2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0167f350-d938-4425-8a09-70441e5560b2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#0167f350-d938-4425-8a09-70441e5560b2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#2d8f2aa7-22f6-4211-b089-da029c63c6cd"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#2d8f2aa7-22f6-4211-b089-da029c63c6cd"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#2d8f2aa7-22f6-4211-b089-da029c63c6cd"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1d016937-bd7d-448a-9dab-ff89579bd5e7"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1d016937-bd7d-448a-9dab-ff89579bd5e7"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1d016937-bd7d-448a-9dab-ff89579bd5e7"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0271e612-2b13-4535-8725-737e2a2d1936"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0271e612-2b13-4535-8725-737e2a2d1936"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0271e612-2b13-4535-8725-737e2a2d1936"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#11932c33-f160-466d-bbd6-4db5a57d80a8"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#11932c33-f160-466d-bbd6-4db5a57d80a8"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#11932c33-f160-466d-bbd6-4db5a57d80a8"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#155ead15-8434-49a8-bb6a-faced234300b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#155ead15-8434-49a8-bb6a-faced234300b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#155ead15-8434-49a8-bb6a-faced234300b"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5d242a3a-75c1-4b36-af04-caa64f67a977"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5d242a3a-75c1-4b36-af04-caa64f67a977"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#5d242a3a-75c1-4b36-af04-caa64f67a977"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#00ad9a78-91bb-48c7-9fbf-bb23e31b2c7c"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#00ad9a78-91bb-48c7-9fbf-bb23e31b2c7c"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#00ad9a78-91bb-48c7-9fbf-bb23e31b2c7c"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#14d6f8ca-60ed-4b12-8723-1d0ff0d6f7f6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#14d6f8ca-60ed-4b12-8723-1d0ff0d6f7f6"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#14d6f8ca-60ed-4b12-8723-1d0ff0d6f7f6"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-45416",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength > maxClientHelloLength && maxClientHelloLength != 0`, and the commonly-used SniHandler/AbstractSniHandler constructors (SniHandler(Mapping), SniHandler(AsyncMapping), AbstractSniHandler()) pass maxClientHelloLength=0 and handshakeTimeoutMillis=0, so the length guard is disabled and no timeout is scheduled. A 16 MiB request exceeds the default pooled chunk size and becomes a huge/unpooled allocation performed immediately. The buffer is retained in the handler until the channel closes.",
      "recommendation": "Upgrade io.netty:netty-handler to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45416"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler@4.1.132.Final",
          "versions": [
            {
              "version": "4.1.132.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#030d2af2-1368-4eeb-85b4-4ab842fcd349"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#f9c90576-3ca4-4eb8-b20b-de3476ecebde"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#6310963f-6bc7-44f3-a944-2928f4a07e1e"
        },
        {
          "ref": "urn:cdx:79822606-80bb-4b4a-b189-2083c09a8497/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#280223c7-279e-44aa-bb69-e0603b7e0021"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#08484693-60de-4e26-8142-d2f347ad3e83"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#38918ba2-33cd-414d-85f1-4b24226db3c3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#a054f2cd-7adb-48b8-9249-5e02026b8af3"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#ab9384fe-119e-40bd-81c8-595eb754d970"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#30e92104-7b5d-49e4-ae22-1ccbe6a183f9"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1468354f-7a07-4213-88a8-2eb72ce5259c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#1714e49e-3c31-40b9-9937-aec285e15663"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2384597a-fdd5-4aee-b965-0fa54d89b2ed"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#0346d077-a9ba-46bb-b560-c3d1859aafd2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#51d92588-7db1-4bd6-ab8c-e5593f52839a"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#4f45fbf7-db32-4aa4-84b8-fe5646a7f978"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#00860a00-9faa-4fc2-8e60-69a59206417f"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0d0c1ea4-db6f-4b09-abcc-3ab4752a99d1"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#075ea1e9-fc4c-444e-94f8-6a42ad3b7e8b"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#0005a0ec-6e22-4937-a9f6-051769c2a024"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#100c2a7f-7aa4-4132-a424-dbcd2e766477"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#12f538ee-b8d7-4f0a-8bb8-2bce12073b62"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/io.netty/netty-handler@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#3e12c626-8691-48f8-a60e-d37cc886e63f"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-45536",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "description": "netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) \u2014 24 bytes on 64-bit Linux. A peer-sent SCM_RIGHTS cmsg carrying two ints has cmsg_len = CMSG_LEN(8) = 24, which fits exactly with no MSG_CTRUNC, so the kernel installs both fds in the receiving process. The subsequent check `cmsg->cmsg_len == CMSG_LEN(sizeof(int))` (line 972, expected 20) fails, the branch that would read the fd is skipped, and neither installed fd is closed. The for(;;) loop calls recvmsg again (non-blocking \u2192 EAGAIN \u2192 Java maps to 0 \u2192 read loop exits normally), leaving two leaked fds per message. There is no MSG_CTRUNC handling. Reachable via Epoll/KQueue DomainSocketChannel when the application opts into DomainSocketReadMode.FILE_DESCRIPTORS (non-default).",
      "recommendation": "Upgrade io.netty:netty-transport-native-epoll to version 4.2.15.Final, 4.1.135.Final; Upgrade io.netty:netty-transport-native-kqueue to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45536"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final",
          "versions": [
            {
              "version": "4.1.132.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#4d1c554f-4fd5-4919-bea1-29131d34812f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#4d1c554f-4fd5-4919-bea1-29131d34812f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#4d1c554f-4fd5-4919-bea1-29131d34812f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#4d1c554f-4fd5-4919-bea1-29131d34812f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#4d1c554f-4fd5-4919-bea1-29131d34812f"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#0a399f14-56b1-47c8-9f1b-caf6dc1225e3"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#0a399f14-56b1-47c8-9f1b-caf6dc1225e3"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#0a399f14-56b1-47c8-9f1b-caf6dc1225e3"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#0a399f14-56b1-47c8-9f1b-caf6dc1225e3"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#0a399f14-56b1-47c8-9f1b-caf6dc1225e3"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#0a399f14-56b1-47c8-9f1b-caf6dc1225e3"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#4d1c554f-4fd5-4919-bea1-29131d34812f"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#d1fc7be5-5f09-4287-a4e3-15777e7d6570"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#d1fc7be5-5f09-4287-a4e3-15777e7d6570"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#d1fc7be5-5f09-4287-a4e3-15777e7d6570"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#d1fc7be5-5f09-4287-a4e3-15777e7d6570"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#d1fc7be5-5f09-4287-a4e3-15777e7d6570"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#66f6fad2-8e97-440c-aea2-e0e1a33d92cd"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#66f6fad2-8e97-440c-aea2-e0e1a33d92cd"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#66f6fad2-8e97-440c-aea2-e0e1a33d92cd"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#66f6fad2-8e97-440c-aea2-e0e1a33d92cd"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#66f6fad2-8e97-440c-aea2-e0e1a33d92cd"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#66f6fad2-8e97-440c-aea2-e0e1a33d92cd"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#d1fc7be5-5f09-4287-a4e3-15777e7d6570"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#1e5efe55-0743-4277-a6b5-305f72c6514a"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#1e5efe55-0743-4277-a6b5-305f72c6514a"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#1e5efe55-0743-4277-a6b5-305f72c6514a"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#1e5efe55-0743-4277-a6b5-305f72c6514a"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#1e5efe55-0743-4277-a6b5-305f72c6514a"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#0acd63c3-300a-4d97-89d5-662ffc0e7d9c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#0acd63c3-300a-4d97-89d5-662ffc0e7d9c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#0acd63c3-300a-4d97-89d5-662ffc0e7d9c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#0acd63c3-300a-4d97-89d5-662ffc0e7d9c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#0acd63c3-300a-4d97-89d5-662ffc0e7d9c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#0acd63c3-300a-4d97-89d5-662ffc0e7d9c"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#1e5efe55-0743-4277-a6b5-305f72c6514a"
        },
        {
          "ref": "urn:cdx:79822606-80bb-4b4a-b189-2083c09a8497/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#25c79e74-a11f-424e-b9de-60c85427b474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#25c79e74-a11f-424e-b9de-60c85427b474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#25c79e74-a11f-424e-b9de-60c85427b474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#25c79e74-a11f-424e-b9de-60c85427b474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#25c79e74-a11f-424e-b9de-60c85427b474"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#30e261a6-0435-4048-9995-a9fd2ab1afbe"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#30e261a6-0435-4048-9995-a9fd2ab1afbe"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#30e261a6-0435-4048-9995-a9fd2ab1afbe"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#30e261a6-0435-4048-9995-a9fd2ab1afbe"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#30e261a6-0435-4048-9995-a9fd2ab1afbe"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#30e261a6-0435-4048-9995-a9fd2ab1afbe"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#25c79e74-a11f-424e-b9de-60c85427b474"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#324322aa-a99e-4232-b83c-216e2cd4f2b7"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#324322aa-a99e-4232-b83c-216e2cd4f2b7"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#324322aa-a99e-4232-b83c-216e2cd4f2b7"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#324322aa-a99e-4232-b83c-216e2cd4f2b7"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#324322aa-a99e-4232-b83c-216e2cd4f2b7"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#0bdf6447-59e5-480e-bf12-22c23709b151"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#0bdf6447-59e5-480e-bf12-22c23709b151"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#0bdf6447-59e5-480e-bf12-22c23709b151"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#0bdf6447-59e5-480e-bf12-22c23709b151"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#0bdf6447-59e5-480e-bf12-22c23709b151"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#0bdf6447-59e5-480e-bf12-22c23709b151"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#324322aa-a99e-4232-b83c-216e2cd4f2b7"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#0a930a81-b3c0-4d4c-9296-05832ab4c52f"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#0a930a81-b3c0-4d4c-9296-05832ab4c52f"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#0a930a81-b3c0-4d4c-9296-05832ab4c52f"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#0a930a81-b3c0-4d4c-9296-05832ab4c52f"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#0a930a81-b3c0-4d4c-9296-05832ab4c52f"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#0a930a81-b3c0-4d4c-9296-05832ab4c52f"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#24370101-223d-45b8-943d-a8db1288170f"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#24370101-223d-45b8-943d-a8db1288170f"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#24370101-223d-45b8-943d-a8db1288170f"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#24370101-223d-45b8-943d-a8db1288170f"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#24370101-223d-45b8-943d-a8db1288170f"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#24370101-223d-45b8-943d-a8db1288170f"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#157d8527-1dbb-4c59-a1ff-6cdeb60011be"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#157d8527-1dbb-4c59-a1ff-6cdeb60011be"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#157d8527-1dbb-4c59-a1ff-6cdeb60011be"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#157d8527-1dbb-4c59-a1ff-6cdeb60011be"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#157d8527-1dbb-4c59-a1ff-6cdeb60011be"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#26955c44-8a89-4a09-9fbc-e11be61f5b94"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#26955c44-8a89-4a09-9fbc-e11be61f5b94"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#26955c44-8a89-4a09-9fbc-e11be61f5b94"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#26955c44-8a89-4a09-9fbc-e11be61f5b94"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#26955c44-8a89-4a09-9fbc-e11be61f5b94"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#26955c44-8a89-4a09-9fbc-e11be61f5b94"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#157d8527-1dbb-4c59-a1ff-6cdeb60011be"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#0bf5353b-5c10-401d-930a-ed05c9f73e44"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#0bf5353b-5c10-401d-930a-ed05c9f73e44"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#0bf5353b-5c10-401d-930a-ed05c9f73e44"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#0bf5353b-5c10-401d-930a-ed05c9f73e44"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#0bf5353b-5c10-401d-930a-ed05c9f73e44"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#04abce0a-645f-4867-b80b-904f672adb10"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#04abce0a-645f-4867-b80b-904f672adb10"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#04abce0a-645f-4867-b80b-904f672adb10"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#04abce0a-645f-4867-b80b-904f672adb10"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#04abce0a-645f-4867-b80b-904f672adb10"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#04abce0a-645f-4867-b80b-904f672adb10"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#0bf5353b-5c10-401d-930a-ed05c9f73e44"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3cd1754b-67b9-4284-841f-ed3b83694bcb"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3cd1754b-67b9-4284-841f-ed3b83694bcb"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3cd1754b-67b9-4284-841f-ed3b83694bcb"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3cd1754b-67b9-4284-841f-ed3b83694bcb"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3cd1754b-67b9-4284-841f-ed3b83694bcb"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#20d69d2e-2c7c-44db-a731-c2482c746f51"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#20d69d2e-2c7c-44db-a731-c2482c746f51"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#20d69d2e-2c7c-44db-a731-c2482c746f51"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#20d69d2e-2c7c-44db-a731-c2482c746f51"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#20d69d2e-2c7c-44db-a731-c2482c746f51"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#20d69d2e-2c7c-44db-a731-c2482c746f51"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#3cd1754b-67b9-4284-841f-ed3b83694bcb"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#1bbe6c6b-9f47-4b14-8a07-a7eb417e2315"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#1bbe6c6b-9f47-4b14-8a07-a7eb417e2315"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#1bbe6c6b-9f47-4b14-8a07-a7eb417e2315"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#1bbe6c6b-9f47-4b14-8a07-a7eb417e2315"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#1bbe6c6b-9f47-4b14-8a07-a7eb417e2315"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#09535e74-27fe-4afc-bb88-9a0129a5656c"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#09535e74-27fe-4afc-bb88-9a0129a5656c"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#09535e74-27fe-4afc-bb88-9a0129a5656c"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#09535e74-27fe-4afc-bb88-9a0129a5656c"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#09535e74-27fe-4afc-bb88-9a0129a5656c"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#09535e74-27fe-4afc-bb88-9a0129a5656c"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#1bbe6c6b-9f47-4b14-8a07-a7eb417e2315"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:81487979-8292-4128-b1be-19c3deaa68ea/1#pkg:maven/io.netty/netty-transport-native-kqueue@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4d96ff70-1750-4525-8fd1-c80edede9411"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4d96ff70-1750-4525-8fd1-c80edede9411"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4d96ff70-1750-4525-8fd1-c80edede9411"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4d96ff70-1750-4525-8fd1-c80edede9411"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4d96ff70-1750-4525-8fd1-c80edede9411"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#8c9a2464-259a-413b-816e-a58b860edc9c"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#8c9a2464-259a-413b-816e-a58b860edc9c"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#8c9a2464-259a-413b-816e-a58b860edc9c"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#8c9a2464-259a-413b-816e-a58b860edc9c"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#8c9a2464-259a-413b-816e-a58b860edc9c"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#8c9a2464-259a-413b-816e-a58b860edc9c"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#4d96ff70-1750-4525-8fd1-c80edede9411"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2907351b-e30d-42b8-8a00-e742e509b747"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2907351b-e30d-42b8-8a00-e742e509b747"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2907351b-e30d-42b8-8a00-e742e509b747"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2907351b-e30d-42b8-8a00-e742e509b747"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2907351b-e30d-42b8-8a00-e742e509b747"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#007f38cc-22a9-4979-b413-592f2fe7601b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#007f38cc-22a9-4979-b413-592f2fe7601b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#007f38cc-22a9-4979-b413-592f2fe7601b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#007f38cc-22a9-4979-b413-592f2fe7601b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#007f38cc-22a9-4979-b413-592f2fe7601b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#007f38cc-22a9-4979-b413-592f2fe7601b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#2907351b-e30d-42b8-8a00-e742e509b747"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0cf08519-6f62-407f-84e3-8e6777d82321"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0cf08519-6f62-407f-84e3-8e6777d82321"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0cf08519-6f62-407f-84e3-8e6777d82321"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0cf08519-6f62-407f-84e3-8e6777d82321"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0cf08519-6f62-407f-84e3-8e6777d82321"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a1ad543-a3d9-4377-a729-494ad33ad56a"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a1ad543-a3d9-4377-a729-494ad33ad56a"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a1ad543-a3d9-4377-a729-494ad33ad56a"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a1ad543-a3d9-4377-a729-494ad33ad56a"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a1ad543-a3d9-4377-a729-494ad33ad56a"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a1ad543-a3d9-4377-a729-494ad33ad56a"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0cf08519-6f62-407f-84e3-8e6777d82321"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0c6ec6dc-3efa-44c9-9d01-d06da8b09d2a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0c6ec6dc-3efa-44c9-9d01-d06da8b09d2a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0c6ec6dc-3efa-44c9-9d01-d06da8b09d2a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0c6ec6dc-3efa-44c9-9d01-d06da8b09d2a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0c6ec6dc-3efa-44c9-9d01-d06da8b09d2a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#071bf784-bb00-4908-bf96-e6e2d481671c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#071bf784-bb00-4908-bf96-e6e2d481671c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#071bf784-bb00-4908-bf96-e6e2d481671c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#071bf784-bb00-4908-bf96-e6e2d481671c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#071bf784-bb00-4908-bf96-e6e2d481671c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#071bf784-bb00-4908-bf96-e6e2d481671c"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0c6ec6dc-3efa-44c9-9d01-d06da8b09d2a"
        },
        {
          "ref": "urn:cdx:2318b985-4766-44a8-b195-c5db9e77d2db/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#087e0251-f9c5-4299-9bc7-72939bb0200a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#087e0251-f9c5-4299-9bc7-72939bb0200a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#087e0251-f9c5-4299-9bc7-72939bb0200a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#087e0251-f9c5-4299-9bc7-72939bb0200a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#087e0251-f9c5-4299-9bc7-72939bb0200a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#334f2818-19f4-495a-858d-186764007229"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#334f2818-19f4-495a-858d-186764007229"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#334f2818-19f4-495a-858d-186764007229"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#334f2818-19f4-495a-858d-186764007229"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#334f2818-19f4-495a-858d-186764007229"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#334f2818-19f4-495a-858d-186764007229"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#087e0251-f9c5-4299-9bc7-72939bb0200a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55ca0cef-b7bb-4512-b507-c7da7242b42c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55ca0cef-b7bb-4512-b507-c7da7242b42c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55ca0cef-b7bb-4512-b507-c7da7242b42c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55ca0cef-b7bb-4512-b507-c7da7242b42c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55ca0cef-b7bb-4512-b507-c7da7242b42c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1dc4d536-2b77-4bd9-b560-e9f381459849"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1dc4d536-2b77-4bd9-b560-e9f381459849"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1dc4d536-2b77-4bd9-b560-e9f381459849"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1dc4d536-2b77-4bd9-b560-e9f381459849"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1dc4d536-2b77-4bd9-b560-e9f381459849"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#1dc4d536-2b77-4bd9-b560-e9f381459849"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#55ca0cef-b7bb-4512-b507-c7da7242b42c"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#6cb2b498-89b4-4f4f-bceb-d95f36bd67d9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#6cb2b498-89b4-4f4f-bceb-d95f36bd67d9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#6cb2b498-89b4-4f4f-bceb-d95f36bd67d9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#6cb2b498-89b4-4f4f-bceb-d95f36bd67d9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#6cb2b498-89b4-4f4f-bceb-d95f36bd67d9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4195fb61-0457-455b-aa35-71e0568c4848"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4195fb61-0457-455b-aa35-71e0568c4848"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4195fb61-0457-455b-aa35-71e0568c4848"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4195fb61-0457-455b-aa35-71e0568c4848"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4195fb61-0457-455b-aa35-71e0568c4848"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#4195fb61-0457-455b-aa35-71e0568c4848"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#6cb2b498-89b4-4f4f-bceb-d95f36bd67d9"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#06633051-0778-4366-9106-2abbcebac9fe"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#06633051-0778-4366-9106-2abbcebac9fe"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#06633051-0778-4366-9106-2abbcebac9fe"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#06633051-0778-4366-9106-2abbcebac9fe"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#06633051-0778-4366-9106-2abbcebac9fe"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#04058dda-9e74-4104-b06e-980ad510fdb6"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#04058dda-9e74-4104-b06e-980ad510fdb6"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#04058dda-9e74-4104-b06e-980ad510fdb6"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#04058dda-9e74-4104-b06e-980ad510fdb6"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#04058dda-9e74-4104-b06e-980ad510fdb6"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#04058dda-9e74-4104-b06e-980ad510fdb6"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#06633051-0778-4366-9106-2abbcebac9fe"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#505cec5e-bc19-4dfc-89af-7b996536a105"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#505cec5e-bc19-4dfc-89af-7b996536a105"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#505cec5e-bc19-4dfc-89af-7b996536a105"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#505cec5e-bc19-4dfc-89af-7b996536a105"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#505cec5e-bc19-4dfc-89af-7b996536a105"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#505cec5e-bc19-4dfc-89af-7b996536a105"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#18e33a0b-16d1-4957-9b4b-db8f81f9c334"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#18e33a0b-16d1-4957-9b4b-db8f81f9c334"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#18e33a0b-16d1-4957-9b4b-db8f81f9c334"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#18e33a0b-16d1-4957-9b4b-db8f81f9c334"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#18e33a0b-16d1-4957-9b4b-db8f81f9c334"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#105ace3d-cbb5-4071-b606-76ef6505a440"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#105ace3d-cbb5-4071-b606-76ef6505a440"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#105ace3d-cbb5-4071-b606-76ef6505a440"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#105ace3d-cbb5-4071-b606-76ef6505a440"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#105ace3d-cbb5-4071-b606-76ef6505a440"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#105ace3d-cbb5-4071-b606-76ef6505a440"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#18e33a0b-16d1-4957-9b4b-db8f81f9c334"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1a1d59fc-0bca-4802-8080-cc6f917018f4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1a1d59fc-0bca-4802-8080-cc6f917018f4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1a1d59fc-0bca-4802-8080-cc6f917018f4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1a1d59fc-0bca-4802-8080-cc6f917018f4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1a1d59fc-0bca-4802-8080-cc6f917018f4"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#07339adb-29da-4e23-ac10-abb4759ea77c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#07339adb-29da-4e23-ac10-abb4759ea77c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#07339adb-29da-4e23-ac10-abb4759ea77c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#07339adb-29da-4e23-ac10-abb4759ea77c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#07339adb-29da-4e23-ac10-abb4759ea77c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#07339adb-29da-4e23-ac10-abb4759ea77c"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#1a1d59fc-0bca-4802-8080-cc6f917018f4"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#233e8f2a-6df2-4e27-a80a-5dc4f252fde1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#233e8f2a-6df2-4e27-a80a-5dc4f252fde1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#233e8f2a-6df2-4e27-a80a-5dc4f252fde1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#233e8f2a-6df2-4e27-a80a-5dc4f252fde1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#233e8f2a-6df2-4e27-a80a-5dc4f252fde1"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#07052695-ef58-4ae5-a536-9cf8e4e236ec"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#07052695-ef58-4ae5-a536-9cf8e4e236ec"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#07052695-ef58-4ae5-a536-9cf8e4e236ec"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#07052695-ef58-4ae5-a536-9cf8e4e236ec"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#07052695-ef58-4ae5-a536-9cf8e4e236ec"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#07052695-ef58-4ae5-a536-9cf8e4e236ec"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#233e8f2a-6df2-4e27-a80a-5dc4f252fde1"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#00cbfb64-97a9-4b01-9ba6-cc30c5df3f78"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#00cbfb64-97a9-4b01-9ba6-cc30c5df3f78"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#00cbfb64-97a9-4b01-9ba6-cc30c5df3f78"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#00cbfb64-97a9-4b01-9ba6-cc30c5df3f78"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#00cbfb64-97a9-4b01-9ba6-cc30c5df3f78"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0d9bf201-3262-43f1-a0e4-7342c97f2f05"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0d9bf201-3262-43f1-a0e4-7342c97f2f05"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0d9bf201-3262-43f1-a0e4-7342c97f2f05"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0d9bf201-3262-43f1-a0e4-7342c97f2f05"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0d9bf201-3262-43f1-a0e4-7342c97f2f05"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#0d9bf201-3262-43f1-a0e4-7342c97f2f05"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#00cbfb64-97a9-4b01-9ba6-cc30c5df3f78"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#063eb5cc-a2d7-4b39-bbd8-52a6f1d7d9f6"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#063eb5cc-a2d7-4b39-bbd8-52a6f1d7d9f6"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#063eb5cc-a2d7-4b39-bbd8-52a6f1d7d9f6"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#063eb5cc-a2d7-4b39-bbd8-52a6f1d7d9f6"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#063eb5cc-a2d7-4b39-bbd8-52a6f1d7d9f6"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#06170e58-f6f5-4987-8b07-fa889e1978ec"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#06170e58-f6f5-4987-8b07-fa889e1978ec"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#06170e58-f6f5-4987-8b07-fa889e1978ec"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#06170e58-f6f5-4987-8b07-fa889e1978ec"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#06170e58-f6f5-4987-8b07-fa889e1978ec"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#06170e58-f6f5-4987-8b07-fa889e1978ec"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#063eb5cc-a2d7-4b39-bbd8-52a6f1d7d9f6"
        },
        {
          "ref": "urn:cdx:f39e636d-a91d-4b16-89e7-93b2d9de9bcd/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.132.Final"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#01b171d3-81df-4d79-bb63-cc418ef10697"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#01b171d3-81df-4d79-bb63-cc418ef10697"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#01b171d3-81df-4d79-bb63-cc418ef10697"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#01b171d3-81df-4d79-bb63-cc418ef10697"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#01b171d3-81df-4d79-bb63-cc418ef10697"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#154c29c0-bd23-40fd-a836-9621f7e4f087"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#154c29c0-bd23-40fd-a836-9621f7e4f087"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#154c29c0-bd23-40fd-a836-9621f7e4f087"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#154c29c0-bd23-40fd-a836-9621f7e4f087"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#154c29c0-bd23-40fd-a836-9621f7e4f087"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#154c29c0-bd23-40fd-a836-9621f7e4f087"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#01b171d3-81df-4d79-bb63-cc418ef10697"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-45673",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
        }
      ],
      "description": "### Summary\nNetty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack).\n\n### Details\nTwo factors contribute to this vulnerability in io.netty.resolver.dns:\n- Predictable Query IDs: `DnsQueryIdSpace` manages 16-bit transaction IDs in buckets of 16,384 IDs. It initializes only the first bucket. When an ID is returned, it is pushed back into the bucket at a random index generated by java.util.concurrent.ThreadLocalRandom:\n\n```java\nRandom random = ThreadLocalRandom.current();\nint insertionPosition = random.nextInt(count + 1);\n```\n\nBecause ThreadLocalRandom is a predictable LCG and the resolver operates within a single bucket, the sequence of IDs is predictable once the PRNG state is mathematically recovered.\n\n- Default Static Source Port: `DnsNameResolverBuilder` defaults to a `channelStrategy` of `ChannelPerResolver`. This binds the DatagramChannel once, resulting in a static source port for all subsequent queries.\n\nCombined, a static source port and predictable transaction IDs reduces the entropy required to secure DNS resolution against spoofing.\n\n### Impact\nDNS Cache Poisoning. Downstream applications using the default Netty DNS resolver may connect to malicious IPs, leading to traffic interception or MitM attacks.",
      "recommendation": "Upgrade io.netty:netty-resolver-dns to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45673"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#11d74907-5623-401a-98fa-077e5a665785"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#11d74907-5623-401a-98fa-077e5a665785"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#ae9310c3-683d-4aa7-a436-cf0bd266a721"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#ae9310c3-683d-4aa7-a436-cf0bd266a721"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#198d0120-85b4-4ae6-987a-d658c74702bb"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#198d0120-85b4-4ae6-987a-d658c74702bb"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#73d3c098-a308-4013-974e-d2c3eaeabbb5"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#73d3c098-a308-4013-974e-d2c3eaeabbb5"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#04c9b36d-3b16-4e88-a5f2-ff8ac12583f7"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#04c9b36d-3b16-4e88-a5f2-ff8ac12583f7"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2a99dc13-3c6e-448b-987a-15f03b7581a7"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2a99dc13-3c6e-448b-987a-15f03b7581a7"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#5bf3cd3d-0efb-445f-b246-1caad9ac9aa9"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#5bf3cd3d-0efb-445f-b246-1caad9ac9aa9"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#580b0df2-3738-4b89-8606-c9c5435b58f9"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#580b0df2-3738-4b89-8606-c9c5435b58f9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#3bb57721-b9f0-4836-9712-f786589299d8"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#3bb57721-b9f0-4836-9712-f786589299d8"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3e01516e-de83-409f-802f-e5cdbf722ecf"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3e01516e-de83-409f-802f-e5cdbf722ecf"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3cdf1215-eea5-428b-81ef-5590a7705c36"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3cdf1215-eea5-428b-81ef-5590a7705c36"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#32526ab6-5d66-4c8a-9c4e-e6ac35eca5ef"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#32526ab6-5d66-4c8a-9c4e-e6ac35eca5ef"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#080425fb-39a9-4188-b56e-2debe0794bc2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#080425fb-39a9-4188-b56e-2debe0794bc2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0dd070d3-3606-486b-8f38-f97c2ab5a171"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0dd070d3-3606-486b-8f38-f97c2ab5a171"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#27111b1b-22b4-483d-a25e-2e6edb1ebfd9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#27111b1b-22b4-483d-a25e-2e6edb1ebfd9"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-45674",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 8.7,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
        }
      ],
      "description": "### Summary\nNetty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses.\n\n### Details\nIn `io.netty.resolver.dns.DnsResolveContext#buildAliasMap`, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds.\n\nAccording to https://datatracker.ietf.org/doc/html/rfc5452#section-6 \n\n```\nCare must be taken to only accept\n   data if it is known that the originator is authoritative for the\n   QNAME or a parent of the QNAME.\n   One very simple way to achieve this is to only accept data if it is\n   part of the domain for which the query was intended.\n```\n\n### Impact\nDNS Cache Poisoning (Bailiwick Bypass). Any application using Netty's DNS resolver is impacted.",
      "recommendation": "Upgrade io.netty:netty-resolver-dns to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45674"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#11d74907-5623-401a-98fa-077e5a665785"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#11d74907-5623-401a-98fa-077e5a665785"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#ae9310c3-683d-4aa7-a436-cf0bd266a721"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#ae9310c3-683d-4aa7-a436-cf0bd266a721"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#198d0120-85b4-4ae6-987a-d658c74702bb"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#198d0120-85b4-4ae6-987a-d658c74702bb"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#73d3c098-a308-4013-974e-d2c3eaeabbb5"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#73d3c098-a308-4013-974e-d2c3eaeabbb5"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#04c9b36d-3b16-4e88-a5f2-ff8ac12583f7"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#04c9b36d-3b16-4e88-a5f2-ff8ac12583f7"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2a99dc13-3c6e-448b-987a-15f03b7581a7"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2a99dc13-3c6e-448b-987a-15f03b7581a7"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#5bf3cd3d-0efb-445f-b246-1caad9ac9aa9"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#5bf3cd3d-0efb-445f-b246-1caad9ac9aa9"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#580b0df2-3738-4b89-8606-c9c5435b58f9"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#580b0df2-3738-4b89-8606-c9c5435b58f9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#3bb57721-b9f0-4836-9712-f786589299d8"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#3bb57721-b9f0-4836-9712-f786589299d8"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3e01516e-de83-409f-802f-e5cdbf722ecf"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3e01516e-de83-409f-802f-e5cdbf722ecf"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3cdf1215-eea5-428b-81ef-5590a7705c36"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3cdf1215-eea5-428b-81ef-5590a7705c36"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#32526ab6-5d66-4c8a-9c4e-e6ac35eca5ef"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#32526ab6-5d66-4c8a-9c4e-e6ac35eca5ef"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#080425fb-39a9-4188-b56e-2debe0794bc2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#080425fb-39a9-4188-b56e-2debe0794bc2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0dd070d3-3606-486b-8f38-f97c2ab5a171"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0dd070d3-3606-486b-8f38-f97c2ab5a171"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#27111b1b-22b4-483d-a25e-2e6edb1ebfd9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#27111b1b-22b4-483d-a25e-2e6edb1ebfd9"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-45799",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "# CVE-2026-45799\n\n## Maintainer summary\n\nWire's protobuf group-skipping logic did not reject negative lengths before skipping a\nlength-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an\nunchecked runtime exception during decoding instead of the documented `IOException` /\n`ProtocolException` failure path.\n\nThis can crash services that decode untrusted protobuf payloads and only handle Wire's documented\nchecked decoding failures.\n\n## Affected artifacts\n\n### `com.squareup.wire:wire-runtime`\n\nAffected versions: vulnerable releases before `6.3.0`.\n\nPatched versions: `6.3.0` and later.\n\nUsers should upgrade to `com.squareup.wire:wire-runtime:6.3.0` or later.\n\n### `com.squareup.wire:wire-runtime-jvm`\n\nAffected versions: vulnerable legacy releases, including `5.3.1` and `5.3.3`.\n\nPatched versions: none.\n\n`com.squareup.wire:wire-runtime-jvm` is a discontinued legacy artifact and will not receive a\npatched release. Users should migrate to `com.squareup.wire:wire-runtime:6.3.0` or later.\n\n### Wire 7 alpha releases\n\nThe fix has been merged to `master` and will be included in the next Wire 7 alpha release. Until\nthat release is available, Wire 7 alpha users should avoid decoding untrusted protobuf payloads with\naffected alpha versions or build from a commit containing the fix.\n\n## Fix\n\nThe issue is fixed in Wire `6.3.0`.\n\nThe fix rejects negative lengths while skipping groups and throws `ProtocolException` instead of\nallowing the reader to move to an invalid position and later throw an unchecked runtime exception.\n\n## Credit\n\nReported by @TrekLaps.\n\n## Technical details\n\nThe following technical details are based on the original report, updated by the maintainers to\nreflect the assigned CVE, the supported fixed artifact, and the discontinued status of\n`com.squareup.wire:wire-runtime-jvm`.\n\n`ByteArrayProtoReader32.skipGroup()` in `wire-runtime` did not validate that a\n`LENGTH_DELIMITED` field's length is non-negative before calling `skip()`. A crafted protobuf\nvarint encodes `-128` as a signed `Int`. When `skip(-128)` runs, the internal position counter\nunderflows to an invalid negative position. The next `readByte()` accesses the source with that\nnegative position, throwing `ArrayIndexOutOfBoundsException`, a `RuntimeException` that escapes\nWire's documented `IOException` boundary and can crash the request handler.\n\n`ProtoAdapter.decode(byte[])` is declared to throw `IOException`. Callers following the documented\nAPI may catch only `IOException`, so unchecked runtime exceptions from malformed input can escape\nthe expected error boundary.\n\nThe originally confirmed vulnerable legacy versions include `5.3.1` and `5.3.3` for the\ndiscontinued `com.squareup.wire:wire-runtime-jvm` coordinate. The supported replacement coordinate\nis `com.squareup.wire:wire-runtime`, fixed in version `6.3.0`.\n\n## Root cause\n\nIn the originally reported vulnerable code path, `ByteArrayProtoReader32.skipGroup()` read the\nlength as a signed `Int` and used it without validating that it was non-negative:\n\n```kotlin\nSTATE_LENGTH_DELIMITED -> {\n  val length = internalReadVarint32() // returns signed Int and can be negative\n  skip(length)                        // no negative check\n}\n```\n\nThe internal `skip()` implementation then accepted the negative count because the computed\nposition was not greater than the limit:\n\n```kotlin\nprivate fun skip(byteCount: Int) {\n  val newPos = pos + byteCount        // for example, 7 + (-128) = -121\n  if (newPos > limit) throw EOFException()\n  pos = newPos                        // pos = -121\n}\n```\n\nThe next read could then index the source with the invalid negative position:\n\n```kotlin\nprivate fun readByte(): Byte {\n  if (pos == limit) throw EOFException()\n  return source[pos++]                // source[-121] throws ArrayIndexOutOfBoundsException\n}\n```\n\nWire already rejected negative lengths in normal length-delimited field decoding. The same\nvalidation was missing from group-skipping code.\n\nThe fix adds this validation when skipping groups:\n\n```kotlin\nSTATE_LENGTH_DELIMITED -> {\n  val length = internalReadVarint32()\n  if (length < 0) throw ProtocolException(\"Negative length: $length...\")\n  skip(length)\n}\n```\n\nThe fix was applied to both `ByteArrayProtoReader32.skipGroup()` and `ProtoReader.skipGroup()`.\n\n## Reproduction\n\nThe following reproduction was provided for vulnerable legacy `wire-runtime-jvm` releases such as\n`5.3.1` and `5.3.3`:\n\n```bash\ncurl -sL https://repo1.maven.org/maven2/com/squareup/wire/wire-runtime-jvm/5.3.3/wire-runtime-jvm-5.3.3.jar -o wire.jar\ncurl -sL https://repo1.maven.org/maven2/com/squareup/okio/okio-jvm/3.9.1/okio-jvm-3.9.1.jar -o okio.jar\ncurl -sL https://repo1.maven.org/maven2/org/jetbrains/kotlin/kotlin-stdlib/2.1.0/kotlin-stdlib-2.1.0.jar -o stdlib.jar\n```\n\n```java\n// WirePoc.java\nimport com.squareup.wire.AnyMessage;\n\npublic class WirePoc {\n  public static void main(String[] args) throws Exception {\n    byte[] payload = new byte[] {\n      (byte) 0x9B, 0x06,                                          // field 99, START_GROUP\n      0x0A,                                                       // field 1, LENGTH_DELIMITED\n      (byte) 0x80, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x0F,   // varint = -128\n      (byte) 0x9C, 0x06                                           // field 99, END_GROUP\n    };\n\n    AnyMessage.ADAPTER.decode(payload);\n  }\n}\n```\n\n```bash\njavac -cp \"wire.jar:okio.jar:stdlib.jar\" WirePoc.java\njava -cp \".:wire.jar:okio.jar:stdlib.jar\" WirePoc\n```\n\nObserved output on vulnerable versions:\n\n```text\nException in thread \"main\" java.lang.ArrayIndexOutOfBoundsException: Index -120 out of bounds for length 10\n    at com.squareup.wire.ByteArrayProtoReader32.readByte(ByteArrayProtoReader32.kt:448)\n    at com.squareup.wire.ByteArrayProtoReader32.internalReadVarint32(ByteArrayProtoReader32.kt:294)\n    at com.squareup.wire.ByteArrayProtoReader32.skipGroup(ByteArrayProtoReader32.kt:209)\n    at com.squareup.wire.ByteArrayProtoReader32.nextTag(ByteArrayProtoReader32.kt:156)\n    at com.squareup.wire.AnyMessage$Companion$ADAPTER$1.decode(AnyMessage.kt:150)\n    at com.squareup.wire.AnyMessage$Companion$ADAPTER$1.decode(AnyMessage.kt:88)\n    at com.squareup.wire.ProtoAdapter.decode(ProtoAdapter.kt:468)\n    at WirePoc.main(WirePoc.java:10)\n```\n\nWith the fix, the same payload is rejected with `ProtocolException`.\n\n## Why this can affect any Wire-decoding service\n\n`skipGroup()` is called for any unknown field with wire type 3. An attacker can send an unknown\nfield, such as field 99, with wire type `START_GROUP`. The decoder skips it via `skipGroup()`\nregardless of which message type the service uses, so no schema knowledge is required.\n\nPayload:\n\n```text\n9b060a80ffffff0f9c06\n```\n\nPayload breakdown:\n\n```text\n0x9B 0x06                 field 99, wire type 3 (START_GROUP)\n0x0A                      field 1, wire type 2 (LENGTH_DELIMITED) inside group\n0x80 0xFF 0xFF 0xFF 0x0F  5-byte varint = -128 as signed Int\n0x9C 0x06                 field 99, END_GROUP\n```",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45799"
        },
        {
          "url": "https://github.com/square/wire"
        },
        {
          "url": "https://github.com/square/wire/pull/3595"
        },
        {
          "url": "https://github.com/square/wire/pull/3597"
        },
        {
          "url": "https://github.com/square/wire/security/advisories/GHSA-7xpr-hc2w-34m9"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7",
          "versions": [
            {
              "version": "4.9.7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:b3144944-978b-40c4-b130-dfbb479d3bd2/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#4976dbf8-ad80-481e-bfa0-5e4cc4818cb2"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#9a841cec-9f56-4a19-b358-a999990565f7"
        },
        {
          "ref": "urn:cdx:08ee2388-95ee-4596-88e5-b082bc7831ec/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#354006e3-d561-4cea-90f9-2299d6c03251"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#118fbc58-f510-42ce-869f-438030068513"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#6588ef8e-2036-403d-ac8d-5db952779a07"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#5529d5f8-1533-4abe-ae58-38470a2c912d"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#2301ca9c-fa57-413a-ac66-1fc67ef6161f"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/com.squareup.wire/wire-runtime-jvm@4.9.7"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0fded4f2-9cac-4b46-9de3-d411548e7d1e"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#0f55f1ad-4706-4e13-8499-938b4f80c0fa"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#a9387b94-b5e6-4961-89de-0a93de2fbd19"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#57bdcc7b-1c1d-4bec-b906-d8fd8716f598"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0880dcec-7a36-4cec-8e92-890e1f387304"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0a260b53-ff61-4336-9e24-4e1dc9d16290"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-46340",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "For each non-complete SctpMessage fragment the handler does `fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf))`, wrapping the previous accumulator and the new slice into a *new* CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding references and component arrays; readableBytes()/getBytes() on the final buffer recurse N levels. There is no limit on N, on total bytes, or on the number of streamIdentifiers an attacker can open (each gets its own map entry). A peer that never sets the `complete` flag can grow this structure indefinitely from tiny 1-byte DATA chunks.",
      "recommendation": "Upgrade io.netty:netty-transport-sctp to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-46340"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-5xrh-qmmq-w6ch"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#36d92c30-686c-4040-9f14-53c0baf78faf"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#36d92c30-686c-4040-9f14-53c0baf78faf"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3401ba75-5535-410e-9f5e-19e18a090c50"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#3401ba75-5535-410e-9f5e-19e18a090c50"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#e80eb087-c1d4-4aac-8e8b-2c5e5f441144"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#e80eb087-c1d4-4aac-8e8b-2c5e5f441144"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5566e91d-2061-46ae-8c0e-3e0a5a0c766b"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#5566e91d-2061-46ae-8c0e-3e0a5a0c766b"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a203e57-6d25-4082-a908-902e79fa1e64"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#0a203e57-6d25-4082-a908-902e79fa1e64"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#771c93c8-2998-4813-accb-76e4b80cbf8a"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#771c93c8-2998-4813-accb-76e4b80cbf8a"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#34836cbf-a09a-4bb0-bf65-1933f534bd45"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#34836cbf-a09a-4bb0-bf65-1933f534bd45"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#19dbb834-7464-43b5-b719-a28eca8ea42e"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#19dbb834-7464-43b5-b719-a28eca8ea42e"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-transport-sctp@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#33d6334a-3b9b-4647-b21e-17658abdd15a"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#33d6334a-3b9b-4647-b21e-17658abdd15a"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0aa620ec-db98-4e04-9909-652dc77aa35e"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0aa620ec-db98-4e04-9909-652dc77aa35e"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#2e714360-ef29-45d0-9c43-7208f8c2b647"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#2e714360-ef29-45d0-9c43-7208f8c2b647"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#618ed1e9-06d9-4123-aa3c-98b030d1c878"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#618ed1e9-06d9-4123-aa3c-98b030d1c878"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#601b5027-43a7-4229-b3b7-1a6fff142acb"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#601b5027-43a7-4229-b3b7-1a6fff142acb"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#030749ea-d516-444a-b1c4-0a2ac7295d1f"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#030749ea-d516-444a-b1c4-0a2ac7295d1f"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#98c2b699-722e-46b0-a5ac-ccb2c7be9c08"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#98c2b699-722e-46b0-a5ac-ccb2c7be9c08"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-47244",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "description": "### Impact\nDefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts SETTINGS_MAX_CONCURRENT_STREAMS by default (Http2Settings.java:305-307 only clamps a user-supplied value). Unless the application explicitly calls initialSettings().maxConcurrentStreams(n), a Netty HTTP/2 server advertises no limit and enforces none locally. Each open stream allocates a DefaultStream object, PropertyMap slots, flow-controller state and IntObjectHashMap entry; with ~2^30 permissible odd stream IDs a single TCP connection can create hundreds of thousands of long-lived stream objects. This is also the precondition for CVE-2023-44487-style Rapid-Reset amplification, where the absence of a low concurrent cap multiplies backend work.\n\n### Resources\nhttps://www.rfc-editor.org/rfc/rfc7540.html#section-6.5.2",
      "recommendation": "Upgrade io.netty:netty-codec-http2 to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-47244"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#08eba2d0-aae6-47ba-836d-7955f93b19bf"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#08eba2d0-aae6-47ba-836d-7955f93b19bf"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#11be54c0-fc3a-4fdc-90e9-4f23af49b73e"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#11be54c0-fc3a-4fdc-90e9-4f23af49b73e"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#3574b7ee-6c84-48d3-8096-a3e4c1096384"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#3574b7ee-6c84-48d3-8096-a3e4c1096384"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#6198a049-3ef0-45cb-9527-93c725ffe2dd"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#6198a049-3ef0-45cb-9527-93c725ffe2dd"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#41831416-4600-4935-aee3-85dda742a4f6"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#41831416-4600-4935-aee3-85dda742a4f6"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0175589c-f266-4c58-a669-b8b78b8e4d4d"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#0175589c-f266-4c58-a669-b8b78b8e4d4d"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2217680e-2dbb-40be-9aa7-b00d252b762d"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#2217680e-2dbb-40be-9aa7-b00d252b762d"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#09ef7d54-1c35-422e-9a41-07084d7a94d1"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#09ef7d54-1c35-422e-9a41-07084d7a94d1"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#38e8fef7-95e9-4a8f-b600-a2358c0f945d"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#38e8fef7-95e9-4a8f-b600-a2358c0f945d"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#4df4d70b-85a8-49a2-9ce6-bcda9a7cd517"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#4df4d70b-85a8-49a2-9ce6-bcda9a7cd517"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#076d908a-559a-49ac-a6cc-562452bc7f24"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#076d908a-559a-49ac-a6cc-562452bc7f24"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#1f3c2294-3455-410a-81bb-f01a20cf3a00"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#1f3c2294-3455-410a-81bb-f01a20cf3a00"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b86bdf3-cf10-44eb-93c7-ebc49f5a1638"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#1b86bdf3-cf10-44eb-93c7-ebc49f5a1638"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#047b063c-8542-41ef-96d7-8c44a48f3048"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#047b063c-8542-41ef-96d7-8c44a48f3048"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#460774ee-0233-4bd2-b70e-104fe72b8cb4"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#460774ee-0233-4bd2-b70e-104fe72b8cb4"
        }
      ]
    },
    {
      "id": "CVE-2026-47691",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 8.7,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
        }
      ],
      "description": "### Summary\nNetty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains (like `.co.uk`).\n\n### Details\nIn `io.netty.resolver.dns.DnsResolveContext.AuthoritativeNameServerList#add` method accepts any NS record from the AUTHORITY section as long as the record's name is a suffix of the questionName.\n\nThis means if the resolver queries evil.co.uk., it will accept an NS record claiming authority over co.uk.. Subsequently, the `handleWithAdditional` method caches the associated A records from the ADDITIONAL section directly into the `authoritativeDnsServerCache` under the parent domain's key (co.uk.). This bypasses standard bailiwick rules, where a server authoritative for a subdomain should not be trusted to provide authoritative records for its parent. The poisoned cache is then used for all future resolutions under co.uk..\n\nThe `io.netty.resolver.dns.DnsResolveContext.AuthoritativeNameServerList#cache` method only prevents caching if the record is for the root zone (dots == 1).\n\n### Impact\nDNS Cache Poisoning. Any application using Netty's DNS resolver is impacted.",
      "recommendation": "Upgrade io.netty:netty-resolver-dns to version 4.2.15.Final, 4.1.135.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-47691"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#11d74907-5623-401a-98fa-077e5a665785"
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#11d74907-5623-401a-98fa-077e5a665785"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#ae9310c3-683d-4aa7-a436-cf0bd266a721"
        },
        {
          "ref": "urn:cdx:d3034d0e-8934-42bd-9ae0-f5c976911cfa/1#ae9310c3-683d-4aa7-a436-cf0bd266a721"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#198d0120-85b4-4ae6-987a-d658c74702bb"
        },
        {
          "ref": "urn:cdx:888bee19-e2cd-4ccc-a92c-23b3ff86eef9/1#198d0120-85b4-4ae6-987a-d658c74702bb"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#73d3c098-a308-4013-974e-d2c3eaeabbb5"
        },
        {
          "ref": "urn:cdx:f2d6ee3c-d6e8-4c05-aad5-ad393271240d/1#73d3c098-a308-4013-974e-d2c3eaeabbb5"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#04c9b36d-3b16-4e88-a5f2-ff8ac12583f7"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#04c9b36d-3b16-4e88-a5f2-ff8ac12583f7"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2a99dc13-3c6e-448b-987a-15f03b7581a7"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#2a99dc13-3c6e-448b-987a-15f03b7581a7"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#5bf3cd3d-0efb-445f-b246-1caad9ac9aa9"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#5bf3cd3d-0efb-445f-b246-1caad9ac9aa9"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#580b0df2-3738-4b89-8606-c9c5435b58f9"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#580b0df2-3738-4b89-8606-c9c5435b58f9"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#3bb57721-b9f0-4836-9712-f786589299d8"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#3bb57721-b9f0-4836-9712-f786589299d8"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.netty/netty-resolver-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3e01516e-de83-409f-802f-e5cdbf722ecf"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#3e01516e-de83-409f-802f-e5cdbf722ecf"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3cdf1215-eea5-428b-81ef-5590a7705c36"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#3cdf1215-eea5-428b-81ef-5590a7705c36"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#32526ab6-5d66-4c8a-9c4e-e6ac35eca5ef"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#32526ab6-5d66-4c8a-9c4e-e6ac35eca5ef"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#080425fb-39a9-4188-b56e-2debe0794bc2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#080425fb-39a9-4188-b56e-2debe0794bc2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0dd070d3-3606-486b-8f38-f97c2ab5a171"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#0dd070d3-3606-486b-8f38-f97c2ab5a171"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#27111b1b-22b4-483d-a25e-2e6edb1ebfd9"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#27111b1b-22b4-483d-a25e-2e6edb1ebfd9"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-8149",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [],
      "cwes": [
        1068
      ],
      "description": "A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f.\n\n This vulnerability is associated with program files gcm128w, gcm512w.\n\n\n\nThis issue affects BC-LTS: from 2.73.0 before 2.73.11.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-8149"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%908149"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8149"
        }
      ],
      "published": "2026-05-08T07:16:29+00:00",
      "updated": "2026-05-19T00:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bc-fips@2.1.2",
          "versions": [
            {
              "version": "2.1.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:95223ab0-e4c6-47cb-bc26-fea8b269cfdf/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:8c392a9b-6d23-4f5b-ac81-ff5a75a6bc13/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:5e549bc3-6d25-40e7-b686-bc32e33a183e/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:5fc65f84-1140-46fc-b9d6-1bd6625f61d1/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#13e65b71-e441-40d9-81ab-11ab0e45d7fa"
        },
        {
          "ref": "urn:cdx:df2b0311-36c9-4621-a279-088609fc1428/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:6e561114-b182-45e8-8ac3-803788492062/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#1803f84a-cb9a-491d-8c79-c6f32afd4194"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#009cd636-d1ee-4bfe-953e-7fddc06efc36"
        },
        {
          "ref": "urn:cdx:23d27867-9cec-43f0-9146-1bd26d68930c/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#1aa4f2cb-6192-46fb-bb6e-40b3a348930b"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.bouncycastle/bc-fips@2.1.2"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#0b86a44f-44fc-45b5-9f19-fd214e34314a"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#621fd888-6930-4418-b248-a2175a0bcc13"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#3d98e44a-3d4d-4046-94ae-5aa0af7f76c8"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#331773f9-f2a4-445b-96a4-fba0e62916c3"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#051ade57-97cc-4deb-9649-005f1b6ce987"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#0566cb14-44ec-41c3-a5b7-a39ab17d76be"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-33117",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        287,
        347
      ],
      "description": "Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.",
      "recommendation": "Upgrade com.azure:azure-security-keyvault-keys to version 4.10.6",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33117"
        },
        {
          "url": "https://github.com/Azure/azure-sdk-for-java"
        },
        {
          "url": "https://github.com/Azure/azure-sdk-for-java/commit/1b5c5c79d85a5c9a9cfd07f6cdff6fd0f50eccf9"
        },
        {
          "url": "https://github.com/Azure/azure-sdk-for-java/pull/48476"
        },
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33117"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33117"
        }
      ],
      "published": "2026-05-12T18:17:04+00:00",
      "updated": "2026-05-15T18:38:17+00:00",
      "affects": [
        {
          "ref": "pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2",
          "versions": [
            {
              "version": "4.9.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:4a4fcbc3-7f47-4f1e-86a4-a575dbd82d2c/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:maven/com.azure/azure-security-keyvault-keys@4.9.2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-45205",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        674
      ],
      "description": "Uncontrolled Recursion vulnerability in Apache Commons.\n\nWhen processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles.\nThis issue affects Apache Commons: from 2.2 before 2.15.0.\n\nUsers are recommended to upgrade to version 2.15.0, which fixes the issue.",
      "recommendation": "Upgrade org.apache.commons:commons-configuration2 to version 2.15.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-45205"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/05/14/5"
        },
        {
          "url": "https://github.com/apache/commons-configuration"
        },
        {
          "url": "https://github.com/apache/commons-configuration/pull/634"
        },
        {
          "url": "https://lists.apache.org/thread/q3q3j10ohcqhs6o0rg1v7kz6kk27vtkk"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45205"
        }
      ],
      "published": "2026-05-14T12:16:35+00:00",
      "updated": "2026-05-15T18:40:16+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.commons/commons-configuration2@2.11.0",
          "versions": [
            {
              "version": "2.11.0",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:da989cc3-20db-4ed6-ac93-b31bd87c7ff3/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:bc1a37d2-4693-445c-8d33-78af5ecf1239/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:217bb614-afb8-4c64-97ec-cf5d3563d1cb/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:maven/org.apache.commons/commons-configuration2@2.11.0"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6860",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        770,
        295
      ],
      "description": "A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.",
      "recommendation": "Upgrade io.vertx:vertx-core to version 4.5.27, 5.0.12",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6860"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x/pull/6102"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6"
        },
        {
          "url": "https://github.com/vert-x3/wiki/wiki/4.5.27-Release-Notes"
        },
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860"
        },
        {
          "url": "https://vertx.io/blog/eclipse-vert-x-4-5-27"
        },
        {
          "url": "https://vertx.io/blog/eclipse-vert-x-5-0-12"
        }
      ],
      "published": "2026-05-06T10:16:26+00:00",
      "updated": "2026-05-12T13:42:01+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.vertx/vertx-core@4.5.24",
          "versions": [
            {
              "version": "4.5.24",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:705f1a25-3a8b-4429-a161-05674185e5bb/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:b5d2bdb1-a4b0-4c9f-933c-8441e81174db/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:eb93eda6-965a-4708-bb84-a8aeaa07c026/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:736dcb9a-2601-4281-84f9-ce7e6a0476de/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#e87715a4-46ed-458c-a833-1974dce72532"
        },
        {
          "ref": "urn:cdx:26a2af27-ba63-48bb-9724-4192bde7a6a4/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:df01a452-acaf-4de9-ba9c-cf597f56e687/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:71f575db-a454-4413-8d19-8f92d546b93c/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:48f67de0-c005-47c2-a1e3-5b9e4208c32e/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#99321338-096f-47f3-a249-7d00882c76e4"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0636",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "cwes": [
        90
      ],
      "description": "Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).\n\n This vulnerability is associated with program files LDAPStoreHelper.\n\n\n\nThis issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.",
      "recommendation": "Upgrade org.bouncycastle:bcprov-jdk18on to version 1.84",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0636"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0636"
        },
        {
          "url": "https://github.com/bcgit/bc-java"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
        }
      ],
      "published": "2026-04-15T10:16:38+00:00",
      "updated": "2026-05-19T00:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82",
          "versions": [
            {
              "version": "1.82",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5588",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        327
      ],
      "description": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\n\n This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.",
      "recommendation": "Upgrade org.bouncycastle:bcpkix-jdk18on to version 1.84",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5588"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5588"
        },
        {
          "url": "https://github.com/bcgit/bc-java"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
        }
      ],
      "published": "2026-04-15T10:16:49+00:00",
      "updated": "2026-05-19T00:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82",
          "versions": [
            {
              "version": "1.82",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5598",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        385
      ],
      "description": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\n\n This vulnerability is associated with program files FrodoEngine.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.",
      "recommendation": "Upgrade org.bouncycastle:bcprov-jdk18on to version 1.84",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5598"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5598"
        },
        {
          "url": "https://github.com/bcgit/bc-java"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2026-5598"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        }
      ],
      "published": "2026-04-15T10:16:49+00:00",
      "updated": "2026-05-19T00:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82",
          "versions": [
            {
              "version": "1.82",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e72a8f30-c0b3-4ee4-a22d-82e72b9ae868/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:1ea94fa1-eaaf-4bd7-a49e-c81a563b8852/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:a5df6022-22b7-48a5-8a74-cfa2b9f50306/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:31b1b473-02f5-46ba-952d-7decf285a42c/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:15b20a40-3580-47a0-92be-0d96b5c9bf00/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:1558d614-3abc-4ea2-b31a-96fd04fca2a3/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    }
  ],
  "component": []
}