{
  "meta": {
    "mode": "reference",
    "generated_at": "2026-04-14T04:34:26Z",
    "os_name": "Ubuntu",
    "os_version": "24.04",
    "os_codename": "noble",
    "kernel": "6.17.0-1010-azure",
    "arch": "x86_64",
    "hostname": "",
    "package_manager": "dpkg",
    "reference_distro": "debian",
    "reference_branch": "stable"
  },
  "packages": [
    {
      "name": "glibc",
      "ecosystem": "debian,ubuntu,fedora,nixos",
      "version": "2.42",
      "upstream_version": "2.43",
      "description": "[8 resolved, 7 minor (Debian: unimportant)]",
      "homepage": "https://www.gnu.org/software/libc/libc.html",
      "upstream_repo": null,
      "download_count": 281889,
      "reverse_dep_count": 46,
      "cve_ids": [
        "CVE-2026-4046"
      ],
      "minor_cve_count": 7,
      "fix_refs": [],
      "dependents": [],
      "score": 42.19,
      "dependencies": [],
      "max_cvss": 7.5,
      "max_epss": 0.00046,
      "transitive_rdep_count": 49657,
      "betweenness": 0.7086928160998629,
      "version_source": "repology",
      "patch_safety_score": 0.25,
      "patch_regression_risk": "high",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "ok",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 38.76,
      "score_upper": 45.62,
      "health_state": "DEGRADED",
      "score_confidence": "certain",
      "is_outdated": true,
      "cve_count": 1
    },
    {
      "name": "zlib",
      "ecosystem": "debian,ubuntu,fedora,alpine,nixos",
      "version": "1.3.2",
      "upstream_version": "1.3.2",
      "description": "[13 resolved]",
      "homepage": "http://zlib.net/",
      "upstream_repo": null,
      "download_count": 281935,
      "reverse_dep_count": 101,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 19.43,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 37208,
      "betweenness": 0.025096965523852852,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 635,
      "distro_versions": {
        "fedora_42": "1.3.1",
        "alpine_3_20": "1.3.1",
        "alpine_3_21": "1.3.1",
        "debian_12": "1.2.13.dfsg",
        "debian_13": "1.3.dfsg+really1.3.1",
        "debian_14": "1.3.dfsg+really1.3.1",
        "fedora_41": "1.3.1",
        "ubuntu_22_04": "1.1",
        "ubuntu_24_04": "1.3.dfsg",
        "ubuntu_25_04": "1.3.dfsg+really1.3.1"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 16.0,
      "score_upper": 22.86,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "util-linux",
      "ecosystem": "debian,ubuntu,fedora,alpine,nixos",
      "version": "2.41-5",
      "upstream_version": "2.42",
      "description": "[2 resolved, 1 minor (Debian: unimportant)]",
      "homepage": "https://github.com/util-linux/util-linux",
      "upstream_repo": "https://github.com/util-linux/util-linux",
      "download_count": 1691270,
      "reverse_dep_count": 29,
      "cve_ids": [
        "CVE-2026-3184"
      ],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 16.61,
      "dependencies": [],
      "max_cvss": 3.7,
      "max_epss": 0.00098,
      "transitive_rdep_count": 21404,
      "betweenness": 0.004206134824185226,
      "version_source": "unknown",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {
        "ubuntu_20.04": "not-affected",
        "ubuntu_22.04": "not-affected",
        "ubuntu_24.04": "not-affected"
      },
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "ok",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 13.18,
      "score_upper": 20.04,
      "health_state": "DEGRADED",
      "score_confidence": "high",
      "is_outdated": true,
      "cve_count": 1
    },
    {
      "name": "openssl",
      "ecosystem": "ubuntu,fedora,alpine,nixos",
      "version": "3.6.1",
      "upstream_version": "4.0.0.b1",
      "description": "[9 resolved]",
      "homepage": "https://openssl-library.org",
      "upstream_repo": null,
      "download_count": 56,
      "reverse_dep_count": 56,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 15.6,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 25818,
      "betweenness": 0.008402270655791784,
      "version_source": "repology",
      "patch_safety_score": 0.0,
      "patch_regression_risk": "high",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 365,
      "distro_versions": {
        "alpine_3_20": "3.3.7",
        "alpine_3_21": "3.3.7",
        "debian_12": "3.0.18",
        "debian_13": "3.5.5",
        "debian_14": "3.6.1",
        "fedora_41": "3.2.2",
        "fedora_42": "3.2.6",
        "ubuntu_22_04": "3.0.2",
        "ubuntu_24_04": "3.0.13",
        "ubuntu_25_04": "3.4.1"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 12.17,
      "score_upper": 19.03,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": true,
      "cve_count": 0
    },
    {
      "name": "pam",
      "ecosystem": "debian,ubuntu,fedora",
      "version": "1.7.0",
      "upstream_version": "1.7.2",
      "description": "[3 resolved]",
      "homepage": "http://www.linux-pam.org/",
      "upstream_repo": null,
      "download_count": 563874,
      "reverse_dep_count": 33,
      "cve_ids": [
        "CVE-2025-8941"
      ],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 12.8,
      "dependencies": [],
      "max_cvss": 7.8,
      "max_epss": 0.00014,
      "transitive_rdep_count": 5791,
      "betweenness": 0.024243506258732558,
      "version_source": "unknown",
      "patch_safety_score": 0.752,
      "patch_regression_risk": "low",
      "exposure_days": 243,
      "cve_disclosed_at": "2025-08-13",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {
        "ubuntu_20.04": "not-affected",
        "ubuntu_22.04": "not-affected",
        "ubuntu_24.04": "not-affected",
        "ubuntu_25.04": "not-affected"
      },
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 213,
      "sla_band": "critical",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 9.37,
      "score_upper": 16.23,
      "health_state": "DEGRADED",
      "score_confidence": "high",
      "is_outdated": true,
      "cve_count": 1
    },
    {
      "name": "libbz2-1.0",
      "ecosystem": "debian",
      "version": "1.0.8-6",
      "upstream_version": null,
      "description": "high-quality block-sorting file compressor library - runtime",
      "homepage": "https://sourceware.org/bzip2/",
      "upstream_repo": null,
      "download_count": 281949,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 12.5,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 27283,
      "betweenness": 0.0051699343235605,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 9.07,
      "score_upper": 15.93,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libexpat1",
      "ecosystem": "debian",
      "version": "2.7.1-2",
      "upstream_version": null,
      "description": "[10 resolved]",
      "homepage": "https://libexpat.github.io/",
      "upstream_repo": null,
      "download_count": 281690,
      "reverse_dep_count": 0,
      "cve_ids": [
        "CVE-2025-66382"
      ],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 12.34,
      "dependencies": [],
      "max_cvss": 2.9,
      "max_epss": 0.00011,
      "transitive_rdep_count": 19699,
      "betweenness": 0.00011943003047524916,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 136,
      "cve_disclosed_at": "2025-11-28",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 46,
      "sla_band": "breach",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 8.91,
      "score_upper": 15.77,
      "health_state": "DEGRADED",
      "score_confidence": "certain",
      "is_outdated": false,
      "cve_count": 1
    },
    {
      "name": "debconf",
      "ecosystem": "debian",
      "version": "1.5.92",
      "upstream_version": "1.5.92",
      "description": "Debian configuration management system",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281967,
      "reverse_dep_count": 6,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 11.87,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 24933,
      "betweenness": 0.023753869154947236,
      "version_source": "repology",
      "patch_safety_score": 0.81,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {
        "debian_12": "1.5.82",
        "debian_13": "1.5.91",
        "debian_14": "1.5.92",
        "fedora_41": "1.5.91",
        "fedora_42": "1.5.91",
        "ubuntu_22_04": "1.5.79ubuntu1",
        "ubuntu_24_04": "1.5.86ubuntu1",
        "ubuntu_25_04": "1.5.87ubuntu1"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 8.44,
      "score_upper": 15.3,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "ncurses",
      "ecosystem": "debian",
      "version": "6.5+20250216-2",
      "upstream_version": null,
      "description": "[3 resolved]",
      "homepage": "https://invisible-island.net/ncurses/",
      "upstream_repo": null,
      "download_count": 563819,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 10.39,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 21707,
      "betweenness": 0.00691059405662076,
      "version_source": "unknown",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {
        "alpine_3_20": "6.4_p20240420",
        "ubuntu_22_04": "6.3",
        "alpine_3_21": "6.5_p20241006",
        "debian_12": "6.4",
        "debian_13": "6.5+20250216",
        "debian_14": "6.6+20251231",
        "fedora_41": "6.5",
        "fedora_42": "6.5",
        "ubuntu_24_04": "6.4+20240113",
        "ubuntu_25_04": "6.5+20250216"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 6.96,
      "score_upper": 13.82,
      "health_state": "INTACT",
      "score_confidence": "low",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "passwd",
      "ecosystem": "debian,ubuntu",
      "version": "4.17.4-2",
      "upstream_version": null,
      "description": "[17 resolved, 1 minor (Debian: unimportant)]",
      "homepage": "https://github.com/shadow-maint/shadow",
      "upstream_repo": "https://github.com/shadow-maint/shadow",
      "download_count": 281930,
      "reverse_dep_count": 0,
      "cve_ids": [
        "CVE-2024-56433"
      ],
      "minor_cve_count": 1,
      "fix_refs": [],
      "dependents": [],
      "score": 9.18,
      "dependencies": [],
      "max_cvss": 3.6,
      "max_epss": 0.04509,
      "transitive_rdep_count": 5131,
      "betweenness": 0.05150043485248212,
      "version_source": "packages.gz",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 473,
      "cve_disclosed_at": "2024-12-26",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 383,
      "sla_band": "critical",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 5.75,
      "score_upper": 12.61,
      "health_state": "DEGRADED",
      "score_confidence": "certain",
      "is_outdated": false,
      "cve_count": 1
    },
    {
      "name": "tar",
      "ecosystem": "debian,ubuntu,fedora,alpine",
      "version": "1.35",
      "upstream_version": "1.35",
      "description": "[1 minor (Debian: unimportant)]",
      "homepage": "https://www.gnu.org/software/tar/",
      "upstream_repo": null,
      "download_count": 281935,
      "reverse_dep_count": 122,
      "cve_ids": [
        "CVE-2026-5704"
      ],
      "minor_cve_count": 1,
      "fix_refs": [],
      "dependents": [],
      "score": 8.47,
      "dependencies": [],
      "max_cvss": 5.0,
      "max_epss": 0.00025,
      "transitive_rdep_count": 680,
      "betweenness": 0.00847223699749401,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "ok",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 5.04,
      "score_upper": 11.9,
      "health_state": "DEGRADED",
      "score_confidence": "certain",
      "is_outdated": false,
      "cve_count": 1
    },
    {
      "name": "libselinux",
      "ecosystem": "debian,fedora",
      "version": "3.10",
      "upstream_version": "3.10",
      "description": "SELinux runtime shared libraries",
      "homepage": "https://github.com/SELinuxProject",
      "upstream_repo": null,
      "download_count": 281905,
      "reverse_dep_count": 19,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 8.21,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 16503,
      "betweenness": 0.00983303685305168,
      "version_source": "repology",
      "patch_safety_score": 0.71,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 4.78,
      "score_upper": 11.64,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "gcc",
      "ecosystem": "debian,ubuntu,fedora,alpine,nixos",
      "version": "20260327",
      "upstream_version": "15.2.0",
      "description": "GNU C compiler",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281932,
      "reverse_dep_count": 316,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 7.53,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 445,
      "betweenness": 0.0002269183368709588,
      "version_source": "repology",
      "patch_safety_score": 0.5,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 4.1,
      "score_upper": 10.96,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": true,
      "cve_count": 0
    },
    {
      "name": "libcap2",
      "ecosystem": "debian",
      "version": "2.75-10+b8",
      "upstream_version": null,
      "description": "[5 resolved]",
      "homepage": "https://sites.google.com/site/fullycapable/",
      "upstream_repo": null,
      "download_count": 281678,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 7.53,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 16198,
      "betweenness": 0.001410139019479273,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 4.1,
      "score_upper": 10.96,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "readline-common",
      "ecosystem": "debian,ubuntu",
      "version": "8.2-6",
      "upstream_version": null,
      "description": "GNU readline and history libraries, common files",
      "homepage": "https://tiswww.case.edu/php/chet/readline/rltop.html",
      "upstream_repo": null,
      "download_count": 281860,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 6.36,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 13604,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 2.93,
      "score_upper": 9.79,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libkeyutils1",
      "ecosystem": "debian",
      "version": "1.6.3-6",
      "upstream_version": null,
      "description": "Linux Key Management Utilities (library)",
      "homepage": "https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git",
      "upstream_repo": "https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils",
      "download_count": 281770,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 6.03,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 12852,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 2.6,
      "score_upper": 9.46,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "netbase",
      "ecosystem": "debian",
      "version": "6.5",
      "upstream_version": null,
      "description": "Basic TCP/IP networking system",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281896,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 5.54,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 11753,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {
        "debian_12": "6.4",
        "debian_13": "6.5",
        "debian_14": "6.5",
        "ubuntu_22_04": "6.3",
        "ubuntu_24_04": "6.4",
        "ubuntu_25_04": "6.4"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 2.11,
      "score_upper": 8.97,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "perl-base",
      "ecosystem": "debian",
      "version": "5.40.1-6",
      "upstream_version": null,
      "description": "[2 resolved, 1 minor (Debian: unimportant)]",
      "homepage": "https://dev.perl.org/perl5/",
      "upstream_repo": null,
      "download_count": 281939,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 1,
      "fix_refs": [],
      "dependents": [],
      "score": 5.14,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 10829,
      "betweenness": 0.0005605217130093944,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 1.71,
      "score_upper": 8.57,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "sysvinit-utils",
      "ecosystem": "debian",
      "version": "3.14-4",
      "upstream_version": null,
      "description": "System-V-like utilities",
      "homepage": "https://github.com/slicer69/sysvinit",
      "upstream_repo": "https://github.com/slicer69/sysvin",
      "download_count": 281916,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 4.25,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 8835,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0.82,
      "score_upper": 7.68,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "sed",
      "ecosystem": "debian,ubuntu,fedora,alpine",
      "version": "4.9",
      "upstream_version": "4.9",
      "description": "GNU stream editor for filtering/transforming text",
      "homepage": "https://www.gnu.org/software/sed/",
      "upstream_repo": null,
      "download_count": 281921,
      "reverse_dep_count": 135,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 4.0,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 1534,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0.57,
      "score_upper": 7.43,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libedit2",
      "ecosystem": "debian",
      "version": "3.1-20250104-1",
      "upstream_version": null,
      "description": "BSD editline and history libraries",
      "homepage": "https://www.thrysoee.dk/editline/",
      "upstream_repo": null,
      "download_count": 281863,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 3.68,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 7564,
      "betweenness": 2.263180358065458e-05,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0.25,
      "score_upper": 7.11,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libacl1",
      "ecosystem": "debian",
      "version": "2.3.2-2+b1",
      "upstream_version": null,
      "description": "access control list - shared library",
      "homepage": "https://savannah.nongnu.org/projects/acl/",
      "upstream_repo": null,
      "download_count": 281952,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 3.13,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 6302,
      "betweenness": 0.0002005600856601598,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 6.56,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "base-passwd",
      "ecosystem": "debian",
      "version": "3.6.8",
      "upstream_version": null,
      "description": "Debian base system master password and group files",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281952,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 2.81,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 5565,
      "betweenness": 0.0005909727370068364,
      "version_source": "repology",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 6.24,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libattr1",
      "ecosystem": "debian",
      "version": "2.5.2-3",
      "upstream_version": null,
      "description": "extended attribute handling - shared library",
      "homepage": "https://savannah.nongnu.org/projects/attr/",
      "upstream_repo": null,
      "download_count": 281940,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 2.73,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 5414,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 6.16,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "findutils",
      "ecosystem": "debian,ubuntu,fedora,alpine,nixos",
      "version": "4.10.0",
      "upstream_version": "4.10.0",
      "description": "utilities for finding files--find, xargs",
      "homepage": "https://savannah.gnu.org/projects/findutils/",
      "upstream_repo": null,
      "download_count": 281936,
      "reverse_dep_count": 104,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 2.73,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 2,
      "betweenness": 0.006424511984185817,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 6.16,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "adduser",
      "ecosystem": "debian",
      "version": "3.155",
      "upstream_version": "3.155",
      "description": "add and remove users and groups",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281969,
      "reverse_dep_count": 4,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 2.67,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 5079,
      "betweenness": 0.00010707519973643029,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 6.1,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "cpio",
      "ecosystem": "debian",
      "version": "2.15",
      "upstream_version": "2.15",
      "description": "[1 resolved]",
      "homepage": "https://www.gnu.org/software/cpio/",
      "upstream_repo": null,
      "download_count": 281715,
      "reverse_dep_count": 91,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 2.41,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 144,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 5.84,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "grep",
      "ecosystem": "debian,ubuntu,fedora,alpine",
      "version": "3.12",
      "upstream_version": "3.12",
      "description": "GNU grep, egrep and fgrep",
      "homepage": "https://www.gnu.org/software/grep/",
      "upstream_repo": null,
      "download_count": 281930,
      "reverse_dep_count": 78,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 2.06,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 0,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 5.49,
      "health_state": "INTACT",
      "score_confidence": "low",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "bash",
      "ecosystem": "debian,ubuntu,fedora,arch,alpine,nixos",
      "version": "5.3",
      "upstream_version": "5.3.p9",
      "description": "[1 resolved]",
      "homepage": "http://tiswww.case.edu/php/chet/bash/bashtop.html",
      "upstream_repo": null,
      "download_count": 281877,
      "reverse_dep_count": 53,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 1.99,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 27,
      "betweenness": 0.03162836669137632,
      "version_source": "repology",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 5.42,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": true,
      "cve_count": 0
    },
    {
      "name": "logrotate",
      "ecosystem": "debian",
      "version": "3.22.0",
      "upstream_version": "3.22.0",
      "description": "Log rotation utility",
      "homepage": "https://github.com/logrotate/logrotate",
      "upstream_repo": "https://github.com/logrotate/logrotate",
      "download_count": 281636,
      "reverse_dep_count": 73,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 1.99,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 90,
      "betweenness": 0.00010789885511901821,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 5.42,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "ucf",
      "ecosystem": "debian",
      "version": "3.0053",
      "upstream_version": "3.0053",
      "description": "Update Configuration File(s): preserve user changes to config files",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281775,
      "reverse_dep_count": 5,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 1.85,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 3120,
      "betweenness": 0.0014120272450995558,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 5.28,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "gzip",
      "ecosystem": "debian,ubuntu,fedora,alpine,nixos",
      "version": "1.14",
      "upstream_version": "1.14",
      "description": "GNU compression utilities",
      "homepage": "https://www.gnu.org/software/gzip/",
      "upstream_repo": null,
      "download_count": 281930,
      "reverse_dep_count": 64,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 1.75,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 7,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 90,
      "distro_versions": {
        "alpine_3_20": "1.13",
        "alpine_3_21": "1.13",
        "debian_12": "1.12",
        "debian_13": "1.13",
        "debian_14": "1.13",
        "fedora_41": "1.13",
        "fedora_42": "1.13",
        "ubuntu_24_04": "1.12",
        "ubuntu_25_04": "1.13",
        "ubuntu_22_04": "1.10"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 5.18,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "coreutils",
      "ecosystem": "debian,ubuntu,fedora,arch,alpine,nixos",
      "version": "9.10",
      "upstream_version": "9.10",
      "description": "[1 resolved, 2 minor (Debian: unimportant)]",
      "homepage": "https://gnu.org/software/coreutils",
      "upstream_repo": null,
      "download_count": 281951,
      "reverse_dep_count": 51,
      "cve_ids": [],
      "minor_cve_count": 2,
      "fix_refs": [],
      "dependents": [],
      "score": 1.5,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 88,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.81,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 270,
      "distro_versions": {
        "alpine_3_20": "9.5",
        "alpine_3_21": "9.5",
        "debian_12": "9.1",
        "debian_13": "9.7",
        "debian_14": "9.10",
        "fedora_41": "9.5",
        "fedora_42": "9.6",
        "ubuntu_22_04": "8.32",
        "ubuntu_25_04": "9.5",
        "ubuntu_24_04": "9.4"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.93,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "dpkg",
      "ecosystem": "debian,ubuntu",
      "version": "1.23.7",
      "upstream_version": "1.23.7",
      "description": "[2 resolved]",
      "homepage": "https://wiki.debian.org/Teams/Dpkg",
      "upstream_repo": null,
      "download_count": 281965,
      "reverse_dep_count": 20,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 1.39,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 672,
      "betweenness": 0.021305825654338296,
      "version_source": "repology",
      "patch_safety_score": 0.5,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.82,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "apt",
      "ecosystem": "debian,ubuntu",
      "version": "3.2.0",
      "upstream_version": "3.2.0",
      "description": "[1 minor (Debian: unimportant)]",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281966,
      "reverse_dep_count": 14,
      "cve_ids": [],
      "minor_cve_count": 1,
      "fix_refs": [],
      "dependents": [],
      "score": 1.17,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 731,
      "betweenness": 0.013413816230717638,
      "version_source": "repology",
      "patch_safety_score": 0.513,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 180,
      "distro_versions": {
        "alpine_3_20": "2.9.3",
        "alpine_3_21": "2.9.16",
        "debian_12": "2.6.1",
        "debian_13": "3.0.3",
        "debian_14": "3.2.0",
        "fedora_41": "2.9.8",
        "fedora_42": "3.1.16",
        "ubuntu_22_04": "2.4.5",
        "ubuntu_24_04": "2.7.14build2",
        "ubuntu_25_04": "3.0.0"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.6,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "debian-archive-keyring",
      "ecosystem": "debian",
      "version": "2025.1",
      "upstream_version": "2025.1",
      "description": "OpenPGP archive certificates of the Debian archive",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281758,
      "reverse_dep_count": 25,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 1.16,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 612,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.59,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "hostname",
      "ecosystem": "debian",
      "version": "3.25",
      "upstream_version": "3.25",
      "description": "utility to set/show the host name or domain name",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281931,
      "reverse_dep_count": 23,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 0.84,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 4,
      "betweenness": 0.0,
      "version_source": "repology",
      "patch_safety_score": 0.797,
      "patch_regression_risk": "low",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.27,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libslang2",
      "ecosystem": "debian",
      "version": "2.3.3-5+b2",
      "upstream_version": null,
      "description": "[2 minor (Debian: unimportant)]",
      "homepage": "http://www.jedsoft.org/slang/",
      "upstream_repo": null,
      "download_count": 281570,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 2,
      "fix_refs": [],
      "dependents": [],
      "score": 0.63,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 668,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.06,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "libpopt0",
      "ecosystem": "debian",
      "version": "1.19",
      "upstream_version": null,
      "description": "lib for parsing cmdline parameters",
      "homepage": "https://github.com/rpm-software-management/popt",
      "upstream_repo": "https://github.com/rpm-software-management/popt",
      "download_count": 281859,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 0.6,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 593,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.46,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 4.03,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "gettext-base",
      "ecosystem": "debian",
      "version": "0.23.1-2",
      "upstream_version": null,
      "description": "GNU Internationalization utilities for the base system",
      "homepage": "https://www.gnu.org/software/gettext/",
      "upstream_repo": null,
      "download_count": 281513,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 0.51,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 405,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 3.94,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "base-files",
      "ecosystem": "debian",
      "version": "13.8+deb13u4",
      "upstream_version": null,
      "description": "Debian base system miscellaneous files",
      "homepage": null,
      "upstream_repo": null,
      "download_count": 281886,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 0.43,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 222,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 3.86,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "popularity-contest",
      "ecosystem": "debian",
      "version": "1.79",
      "upstream_version": null,
      "description": "Vote for your favourite packages automatically",
      "homepage": "https://popcon.debian.org/",
      "upstream_repo": null,
      "download_count": 281665,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 0.37,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 5,
      "betweenness": 0.0026165593926949786,
      "version_source": "repology",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {
        "debian_12": "1.76",
        "debian_13": "1.78",
        "debian_14": "1.79",
        "ubuntu_22_04": "1.71ubuntu3",
        "ubuntu_24_04": "1.77ubuntu1",
        "ubuntu_25_04": "1.77ubuntu1"
      },
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 3.8,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    },
    {
      "name": "dash",
      "ecosystem": "debian,arch,alpine",
      "version": "0.5.12-12",
      "upstream_version": null,
      "description": "POSIX-compliant shell",
      "homepage": "http://gondor.apana.org.au/~herbert/dash/",
      "upstream_repo": null,
      "download_count": 281533,
      "reverse_dep_count": 0,
      "cve_ids": [],
      "minor_cve_count": 0,
      "fix_refs": [],
      "dependents": [],
      "score": 0.35,
      "dependencies": [],
      "max_cvss": 0.0,
      "max_epss": 0.0,
      "transitive_rdep_count": 38,
      "betweenness": 0.0,
      "version_source": "packages.gz",
      "patch_safety_score": 0.547,
      "patch_regression_risk": "medium",
      "exposure_days": 0,
      "cve_disclosed_at": "",
      "distro_lag_days": 0,
      "distro_versions": {},
      "distro_patch_dates": {},
      "exploit_maturity": "none",
      "has_public_exploit": false,
      "exploit_urls": [],
      "in_cisa_kev": false,
      "epss_delta": 0.0,
      "epss_prev": 0.0,
      "ossfuzz_covered": false,
      "ossfuzz_project": "",
      "sla_days_overdue": 0,
      "sla_band": "",
      "vendor_advisory_ids": [],
      "changelog_summary": "",
      "reachable": false,
      "reachability_source": "",
      "reachable_cves": [],
      "unreachable_cves": [],
      "confusion_risks": [],
      "slsa_level": 0,
      "slsa_builder": "",
      "slsa_verified": false,
      "slsa_source_ref": "",
      "runtime_loaded": false,
      "runtime_pids": [],
      "runtime_procs": [],
      "score_uncertainty": 3.43,
      "score_lower": 0,
      "score_upper": 3.78,
      "health_state": "INTACT",
      "score_confidence": "moderate",
      "is_outdated": false,
      "cve_count": 0
    }
  ]
}