This document describes the HTTP API endpoints of the Garden Linux Vulnerability Database (GLVD).
Find out more about GLVD at https://security.gardenlinux.org and https://github.com/gardenlinux/glvd.
This document provides real HTTP requests and responses captured from API tests. The data shown is based on unit tests and may differ from production data, but the structure of requests and responses remains consistent.
Triage Data
Triage is the process where the Garden Linux security team evaluates security vulnerabilities (CVEs) to determine their impact on Garden Linux releases. Getting Triage data is one of the main features of the GLVD API.
|
Understanding the 'resolved' Field
In GLVD, triage data gives extra context about a CVE for a specific Garden Linux release. For example, it can mark a CVE as a false positive or note that a fix is available upstream and will be included in a future release. Note that there may be multiple triages over time for the same CVE on the same Garden Linux version, as we go through the lifecycle of responding to the CVE. The The main field to check is Triages only exist for CVEs that were reported as 'vulnerable' by our upstream data sources. |
List Triages for a Garden Linux Release
Retrieve triaged security vulnerabilities for a Garden Linux release.
$ curl 'https://security.gardenlinux.org/v1/triage/gardenlinux/1592.9' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1678
[ {
"cveId" : "CVE-2005-2541",
"sourcePackageName" : "tar",
"sourcePackageVersion" : "1.35+dfsg-3",
"triageMarkedAsResolved" : true,
"triageDate" : "2024-12-06 11:25:25.922465+00",
"triageUseCase" : "UNIT_TEST",
"triageDescription" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
"triageGardenLinuxVersion" : "1592.9",
"nvdVulnerabilityStatus" : "\"Deferred\"",
"nvdCvePublishedDate" : "\"2005-08-10T04:00:00.000\"",
"nvdCveLastModifiedDate" : "\"2025-04-03T01:03:51.193\"",
"nvdCveDescription" : "\"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.\"",
"nvdCveCvssBaseScore" : 10.0
}, {
"cveId" : "CVE-2019-1010022",
"sourcePackageName" : "glibc",
"sourcePackageVersion" : "2.39-6gl0~bp1592",
"triageMarkedAsResolved" : false,
"triageDate" : "2024-12-06 11:25:25.922465+00",
"triageUseCase" : "UNIT_TEST",
"triageDescription" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
"triageGardenLinuxVersion" : "1592.9",
"nvdVulnerabilityStatus" : "\"Modified\"",
"nvdCvePublishedDate" : "\"2019-07-15T04:15:13.317\"",
"nvdCveLastModifiedDate" : "\"2024-11-21T04:17:55.500\"",
"nvdCveDescription" : "\"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \\\"this is being treated as a non-security bug and no real threat.\"",
"nvdCveCvssBaseScore" : 9.8
} ]Get Triages for a CVE
Retrieve triage information for a specific CVE by its ID.
$ curl 'https://security.gardenlinux.org/v1/triage/cve/CVE-2019-1010022' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 949
[ {
"cveId" : "CVE-2019-1010022",
"sourcePackageName" : "glibc",
"sourcePackageVersion" : "2.39-6gl0~bp1592",
"triageMarkedAsResolved" : false,
"triageDate" : "2024-12-06 11:25:25.922465+00",
"triageUseCase" : "UNIT_TEST",
"triageDescription" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
"triageGardenLinuxVersion" : "1592.9",
"nvdVulnerabilityStatus" : "\"Modified\"",
"nvdCvePublishedDate" : "\"2019-07-15T04:15:13.317\"",
"nvdCveLastModifiedDate" : "\"2024-11-21T04:17:55.500\"",
"nvdCveDescription" : "\"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \\\"this is being treated as a non-security bug and no real threat.\"",
"nvdCveCvssBaseScore" : 9.8
} ]Get Triages for a Debian Source Package
Retrieve triage information for all CVEs related to a Debian source package.
$ curl 'https://security.gardenlinux.org/v1/triage/sourcePackage/glibc' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 949
[ {
"cveId" : "CVE-2019-1010022",
"sourcePackageName" : "glibc",
"sourcePackageVersion" : "2.39-6gl0~bp1592",
"triageMarkedAsResolved" : false,
"triageDate" : "2024-12-06 11:25:25.922465+00",
"triageUseCase" : "UNIT_TEST",
"triageDescription" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
"triageGardenLinuxVersion" : "1592.9",
"nvdVulnerabilityStatus" : "\"Modified\"",
"nvdCvePublishedDate" : "\"2019-07-15T04:15:13.317\"",
"nvdCveLastModifiedDate" : "\"2024-11-21T04:17:55.500\"",
"nvdCveDescription" : "\"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \\\"this is being treated as a non-security bug and no real threat.\"",
"nvdCveCvssBaseScore" : 9.8
} ]List All Triages
Retrieve a list of triages regardless of the Garden Linux release.
$ curl 'https://security.gardenlinux.org/v1/triage' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1678
[ {
"cveId" : "CVE-2005-2541",
"sourcePackageName" : "tar",
"sourcePackageVersion" : "1.35+dfsg-3",
"triageMarkedAsResolved" : true,
"triageDate" : "2024-12-06 11:25:25.922465+00",
"triageUseCase" : "UNIT_TEST",
"triageDescription" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
"triageGardenLinuxVersion" : "1592.9",
"nvdVulnerabilityStatus" : "\"Deferred\"",
"nvdCvePublishedDate" : "\"2005-08-10T04:00:00.000\"",
"nvdCveLastModifiedDate" : "\"2025-04-03T01:03:51.193\"",
"nvdCveDescription" : "\"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.\"",
"nvdCveCvssBaseScore" : 10.0
}, {
"cveId" : "CVE-2019-1010022",
"sourcePackageName" : "glibc",
"sourcePackageVersion" : "2.39-6gl0~bp1592",
"triageMarkedAsResolved" : false,
"triageDate" : "2024-12-06 11:25:25.922465+00",
"triageUseCase" : "UNIT_TEST",
"triageDescription" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
"triageGardenLinuxVersion" : "1592.9",
"nvdVulnerabilityStatus" : "\"Modified\"",
"nvdCvePublishedDate" : "\"2019-07-15T04:15:13.317\"",
"nvdCveLastModifiedDate" : "\"2024-11-21T04:17:55.500\"",
"nvdCveDescription" : "\"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \\\"this is being treated as a non-security bug and no real threat.\"",
"nvdCveCvssBaseScore" : 9.8
} ]CVE Data
List CVEs by Distribution
Retrieve all CVEs for a given distribution and version:
$ curl 'https://security.gardenlinux.org/v1/cves/1592.4?sortBy=cveId&sortOrder=DESC' -i -X GET \
-H 'Accept: application/json'
The sortBy and sortOrder query parameters are optional. If omitted, default sorting is applied.
|
Example response:
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 7058
[ {
"cveId" : "CVE-2025-0938",
"sourcePackageName" : "python3.12",
"sourcePackageVersion" : "3.12.7-1gl1~bp1592",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2025-01-31T18:15:38.053",
"cveLastModifiedDate" : "2025-01-31T20:15:33.083",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Received",
"baseScore" : 6.3,
"vectorString" : "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScoreV40" : 6.3,
"baseScoreV31" : null,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : null,
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-9287",
"sourcePackageName" : "python3.12",
"sourcePackageVersion" : "3.12.7-1gl1~bp1592",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-10-22T17:15:06.697",
"cveLastModifiedDate" : "2025-01-31T20:15:32.580",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 5.3,
"vectorString" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",
"baseScoreV40" : 5.3,
"baseScoreV31" : null,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",
"vectorStringV31" : null,
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-12086",
"sourcePackageName" : "rsync",
"sourcePackageVersion" : "3.3.0-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2025-01-14T18:15:25.297",
"cveLastModifiedDate" : "2025-01-14T22:15:26.370",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 6.1,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 6.1,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-12085",
"sourcePackageName" : "rsync",
"sourcePackageVersion" : "3.3.0-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2025-01-14T18:15:25.123",
"cveLastModifiedDate" : "2025-02-03T20:15:32.520",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.5,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 7.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-11053",
"sourcePackageName" : "curl",
"sourcePackageVersion" : "8.11.0-1gl0",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-11T08:15:05.307",
"cveLastModifiedDate" : "2025-01-31T15:15:12.400",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 3.4,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 3.4,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2022-0563",
"sourcePackageName" : "util-linux",
"sourcePackageVersion" : "2.40.2-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2022-02-21T19:15:08.393",
"cveLastModifiedDate" : "2025-06-09T16:15:33.237",
"cveLastIngestedDate" : "2025-07-07 06:33:43.153864+00",
"vulnStatus" : "Modified",
"baseScore" : 5.5,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : 1.9,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"vulnerable" : true
}, {
"cveId" : "CVE-2025-21864",
"sourcePackageName" : "linux",
"sourcePackageVersion" : "6.6.63-0gl0~bp1592",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2025-03-12T10:15:19.520",
"cveLastModifiedDate" : "2025-03-13T21:13:34.190",
"cveLastIngestedDate" : "2025-03-13 21:13:34.19+00",
"vulnStatus" : "Analyzed",
"baseScore" : 5.5,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-44953",
"sourcePackageName" : "linux",
"sourcePackageVersion" : "6.6.63-0gl0~bp1592",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-09-04T19:15:30.297",
"cveLastModifiedDate" : "2025-03-07T18:15:40.950",
"cveLastIngestedDate" : "2025-03-07 18:15:40.95+00",
"vulnStatus" : "Modified",
"baseScore" : 5.5,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]List CVEs by Image
Retrieve all CVEs for a given Garden Linux image and version. This applies a filter for the packages in the specified image.
Supported images are currently:
-
ali-gardener_prod -
aws-gardener_prod -
azure-gardener_prod -
gcp-gardener_prod -
openstack-gardener_prod
$ curl 'https://security.gardenlinux.org/v1/cves/1592.4/image/azure-gardener_prod' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 8168
[ {
"cveId" : "CVE-2022-0563",
"sourcePackageName" : "util-linux",
"sourcePackageVersion" : "2.40.2-1",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2022-02-21T19:15:08.393",
"cveLastModifiedDate" : "2025-06-09T16:15:33.237",
"cveLastIngestedDate" : "2025-07-07 06:33:43.153864+00",
"vulnStatus" : "Modified",
"baseScore" : 5.5,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : 1.9,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"vulnerable" : true
}, {
"cveId" : "CVE-2024-11053",
"sourcePackageName" : "curl",
"sourcePackageVersion" : "8.11.0-1gl0",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2024-12-11T08:15:05.307",
"cveLastModifiedDate" : "2025-01-31T15:15:12.400",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 3.4,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 3.4,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-12085",
"sourcePackageName" : "rsync",
"sourcePackageVersion" : "3.3.0-1",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2025-01-14T18:15:25.123",
"cveLastModifiedDate" : "2025-02-03T20:15:32.520",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.5,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 7.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-12086",
"sourcePackageName" : "rsync",
"sourcePackageVersion" : "3.3.0-1",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2025-01-14T18:15:25.297",
"cveLastModifiedDate" : "2025-01-14T22:15:26.370",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 6.1,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 6.1,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-9287",
"sourcePackageName" : "python3.12",
"sourcePackageVersion" : "3.12.7-1gl1~bp1592",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2024-10-22T17:15:06.697",
"cveLastModifiedDate" : "2025-01-31T20:15:32.580",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 5.3,
"vectorString" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",
"baseScoreV40" : 5.3,
"baseScoreV31" : null,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",
"vectorStringV31" : null,
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2025-0938",
"sourcePackageName" : "python3.12",
"sourcePackageVersion" : "3.12.7-1gl1~bp1592",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "azure-gardener_prod",
"gardenlinuxImageVersion" : "1592.4",
"gardenlinuxImageCommitId" : "local",
"cvePublishedDate" : "2025-01-31T18:15:38.053",
"cveLastModifiedDate" : "2025-01-31T20:15:33.083",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Received",
"baseScore" : 6.3,
"vectorString" : "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScoreV40" : 6.3,
"baseScoreV31" : null,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : null,
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2025-21864",
"sourcePackageName" : "linux",
"sourcePackageVersion" : "6.6.63-0gl0~bp1592",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "",
"gardenlinuxImageVersion" : "",
"gardenlinuxImageCommitId" : "",
"cvePublishedDate" : "2025-03-12T10:15:19.520",
"cveLastModifiedDate" : "2025-03-13T21:13:34.190",
"cveLastIngestedDate" : "2025-03-13 21:13:34.19+00",
"vulnStatus" : "Analyzed",
"baseScore" : 5.5,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-44953",
"sourcePackageName" : "linux",
"sourcePackageVersion" : "6.6.63-0gl0~bp1592",
"gardenlinuxVersion" : "1592.4",
"gardenlinuxImageName" : "",
"gardenlinuxImageVersion" : "",
"gardenlinuxImageCommitId" : "",
"cvePublishedDate" : "2024-09-04T19:15:30.297",
"cveLastModifiedDate" : "2025-03-07T18:15:40.950",
"cveLastIngestedDate" : "2025-03-07 18:15:40.95+00",
"vulnStatus" : "Modified",
"baseScore" : 5.5,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]List CVEs for Packages by Distribution
Retrieve all CVEs for a list of packages in a specified distribution. Package names are comma-separated (URL-encoding may be required).
$ curl 'https://security.gardenlinux.org/v1/cves/1592.4/packages/jinja2%2Cvim' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 875
[ {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]List CVEs for Packages by Distribution (PUT)
Retrieve all CVEs for a list of packages in a specified distribution. Package names are provided in the request body as JSON.
$ curl 'https://security.gardenlinux.org/v1/cves/1592.4/packages' -i -X PUT \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d ' {
"packageNames": [
"vim",
"bash",
"python3",
"curl",
"jinja2"
]
}'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1580
[ {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-11053",
"sourcePackageName" : "curl",
"sourcePackageVersion" : "8.11.0-1gl0",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-11T08:15:05.307",
"cveLastModifiedDate" : "2025-01-31T15:15:12.400",
"cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 3.4,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScoreV40" : null,
"baseScoreV31" : 3.4,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]Get Vulnerabilities for a Package
Retrieve vulnerabilities for a specific package.
$ curl 'https://security.gardenlinux.org/v1/packages/jinja2' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1748
[ {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
}, {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]Get Vulnerabilities for a Package by Version
Retrieve vulnerabilities for a specific package and version.
$ curl 'https://security.gardenlinux.org/v1/packages/jinja2/3.1.3-1' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 875
[ {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]List Packages Affected by a Vulnerability
Retrieve a list of packages affected by a specific vulnerability.
$ curl 'https://security.gardenlinux.org/v1/distro/1592.4/CVE-2024-56326' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 875
[ {
"cveId" : "CVE-2024-56326",
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4",
"cvePublishedDate" : "2024-12-23T16:15:07.590",
"cveLastModifiedDate" : "2024-12-27T18:15:38.947",
"cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
"vulnStatus" : "Awaiting Analysis",
"baseScore" : 7.8,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScoreV40" : 5.4,
"baseScoreV31" : 7.8,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null,
"vulnerable" : true
} ]Get CVE Details with Triage Data
Retrieve information about a CVE by its ID. If triage data is available for this CVE, it is included in the response.
$ curl 'https://security.gardenlinux.org/v1/cveDetails/CVE-2023-50387' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 2279
{
"details" : {
"cveId" : "CVE-2023-50387",
"vulnStatus" : "\"Modified\"",
"description" : "\"Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \\\"KeyTrap\\\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.\"",
"cvePublishedDate" : "\"2024-02-14T16:15:45.300\"",
"cveModifiedDate" : "\"2024-11-21T08:36:56.937\"",
"cveIngestedDate" : "2024-11-21 08:36:56.937+00",
"kernelLtsVersion" : null,
"kernelFixedVersion" : null,
"kernelIsFixed" : null,
"kernelIsRelevantSubsystem" : null,
"distro" : [ "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux" ],
"distroVersion" : [ "today", "today", "today", "today", "1592.4", "1592.4", "1592.4", "1592.4", "1592.5", "1592.5", "1592.5" ],
"isVulnerable" : [ false, false, false, false, false, false, false, false, false, false, false ],
"sourcePackageName" : [ "bind9", "dnsmasq", "systemd", "unbound", "bind9", "dnsmasq", "systemd", "unbound", "dnsmasq", "systemd", "unbound" ],
"sourcePackageVersion" : [ "1:9.19.24-2gl0", "2.90-5", "256.8-0gl0", "1.22.0-1", "1:9.20.0-2", "2.90-4", "256.4-2gardenlinux0", "1.20.0-1", "2.90-4", "256.4-2gardenlinux0", "1.20.0-1" ],
"versionFixed" : [ "1:9.19.21-1", "2.90-1", "255.4-1", "1.19.1-1", "1:9.19.21-1", "2.90-1", "255.4-1", "1.19.1-1", "2.90-1", "255.4-1", "1.19.1-1" ],
"baseScoreV40" : null,
"baseScoreV31" : 7.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null
},
"contexts" : [ {
"id" : 1,
"cveId" : "CVE-2023-50387",
"distId" : 14,
"createDate" : "2024-12-06 11:25:25.922465+00",
"useCase" : "dummy",
"scoreOverride" : null,
"description" : "automated dummy data",
"resolved" : true
} ]
}Linux Kernel CVEs
For CVEs affecting the Linux kernel, the response structure differs. Data is sourced from upstream kernel developers for LTS kernel versions in Garden Linux.
| For the Linux kernel, Garden Linux always builds LTS kernels directly from the upstream source, applying both Debian patches and custom patches as needed. Therefore, CVEs reported by Debian for the kernel do not directly apply. Instead, kernel vulnerability information is sourced from upstream kernel developers, and Debian kernel CVEs are ignored in Garden Linux. |
$ curl 'https://security.gardenlinux.org/v1/cveDetails/CVE-2025-21864' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 3049
{
"details" : {
"cveId" : "CVE-2025-21864",
"vulnStatus" : "\"Analyzed\"",
"description" : "\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntcp: drop secpath at the same time as we currently drop dst\\n\\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\\nrunning tests that boil down to:\\n - create a pair of netns\\n - run a basic TCP test over ipcomp6\\n - delete the pair of netns\\n\\nThe xfrm_state found on spi_byaddr was not deleted at the time we\\ndelete the netns, because we still have a reference on it. This\\nlingering reference comes from a secpath (which holds a ref on the\\nxfrm_state), which is still attached to an skb. This skb is not\\nleaked, it ends up on sk_receive_queue and then gets defer-free'd by\\nskb_attempt_defer_free.\\n\\nThe problem happens when we defer freeing an skb (push it on one CPU's\\ndefer_list), and don't flush that list before the netns is deleted. In\\nthat case, we still have a reference on the xfrm_state that we don't\\nexpect at this point.\\n\\nWe already drop the skb's dst in the TCP receive path when it's no\\nlonger needed, so let's also drop the secpath. At this point,\\ntcp_filter has already called into the LSM hooks that may require the\\nsecpath, so it should not be needed anymore. However, in some of those\\nplaces, the MPTCP extension has just been attached to the skb, so we\\ncannot simply drop all extensions.\"",
"cvePublishedDate" : "\"2025-03-12T10:15:19.520\"",
"cveModifiedDate" : "\"2025-03-13T21:13:34.190\"",
"cveIngestedDate" : "2025-03-13 21:13:34.19+00",
"kernelLtsVersion" : [ "6.6", "6.12" ],
"kernelFixedVersion" : [ "6.6.80", "6.12.17" ],
"kernelIsFixed" : [ true, true ],
"kernelIsRelevantSubsystem" : [ true, true ],
"distro" : [ "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux" ],
"distroVersion" : [ "today", "1592.4", "1592.5", "1592.6", "1592.7", "1443.18", "1443.19", "1592.8" ],
"isVulnerable" : [ false, true, true, true, false, false, false, false ],
"sourcePackageName" : [ "linux", "linux", "linux", "linux", "linux", "linux", "linux", "linux" ],
"sourcePackageVersion" : [ "6.12.23-1gl0", "6.6.63-0gl0~bp1592", "6.6.71-0gl0~bp1592", "6.6.78-0gl0~bp1592", "6.6.83-0gl0~bp1592", "6.6.80-0gl0~bp1443", "6.6.83-0gl0~bp1443", "6.6.84-0gl0~bp1592" ],
"versionFixed" : [ "6.6.80", "6.12.17" ],
"baseScoreV40" : null,
"baseScoreV31" : 5.5,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null
},
"contexts" : [ {
"id" : 3,
"cveId" : "CVE-2025-21864",
"distId" : 16,
"createDate" : "2024-12-06 11:25:25.922465+00",
"useCase" : "UNIT_TEST",
"scoreOverride" : null,
"description" : "Unit test for https://github.com/gardenlinux/glvd/issues/122",
"resolved" : false
} ]
}Get CVE Details for Non-Debian CVEs
For CVEs not present in the Debian Security Tracker, only basic information is provided.
$ curl 'https://security.gardenlinux.org/v1/cveDetails/CVE-2024-7344' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 981
{
"details" : {
"cveId" : "CVE-2024-7344",
"vulnStatus" : "Analyzed",
"description" : "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.",
"cvePublishedDate" : "2025-01-14T14:15:34.930",
"cveModifiedDate" : "2025-01-22T15:41:04.577",
"cveIngestedDate" : "2025-01-22 15:41:04.577+00",
"kernelLtsVersion" : null,
"kernelFixedVersion" : null,
"kernelIsFixed" : null,
"kernelIsRelevantSubsystem" : null,
"distro" : null,
"distroVersion" : null,
"isVulnerable" : null,
"sourcePackageName" : null,
"sourcePackageVersion" : null,
"versionFixed" : null,
"baseScoreV40" : null,
"baseScoreV31" : 8.2,
"baseScoreV30" : null,
"baseScoreV2" : null,
"vectorStringV40" : null,
"vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"vectorStringV30" : null,
"vectorStringV2" : null
},
"contexts" : [ ]
}Garden Linux Release Data
List All Garden Linux Releases
Retrieve all known Garden Linux releases in GLVD.
$ curl 'https://security.gardenlinux.org/v1/gardenlinuxVersions' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 181
[ "1443.18", "1443.19", "1443.20", "1443.21", "1592.10", "1592.11", "1592.4", "1592.5", "1592.6", "1592.7", "1592.8", "1592.9", "1877.0", "1877.1", "2000.0.0", "2000.1.0", "today" ]List Packages in a Distribution
Retrieve a list of packages for a given distribution.
$ curl 'https://security.gardenlinux.org/v1/distro/1592.4' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1294
[ {
"sourcePackageName" : "bind9",
"sourcePackageVersion" : "1:9.20.0-2",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "curl",
"sourcePackageVersion" : "8.11.0-1gl0",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "dnsmasq",
"sourcePackageVersion" : "2.90-4",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "golang-github-coreos-go-systemd",
"sourcePackageVersion" : "22.5.0-1",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "jinja2",
"sourcePackageVersion" : "3.1.3-1",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "python3.12",
"sourcePackageVersion" : "3.12.7-1gl1~bp1592",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "python-systemd",
"sourcePackageVersion" : "235-1",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "rsync",
"sourcePackageVersion" : "3.3.0-1",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "systemd",
"sourcePackageVersion" : "256.4-2gardenlinux0",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "systemd-cron",
"sourcePackageVersion" : "2.4.0-1",
"gardenlinuxVersion" : "1592.4"
}, {
"sourcePackageName" : "unbound",
"sourcePackageVersion" : "1.20.0-1",
"gardenlinuxVersion" : "1592.4"
} ]Get Release Notes
Retrieve information about fixed security vulnerabilities in a minor release of Garden Linux.
$ curl 'https://security.gardenlinux.org/v1/releaseNotes/2000.1.0' -i -X GET \
-H 'Accept: application/json'Example response:
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 19 Dec 2025 14:36:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 195
{
"version" : "2000.1.0",
"packageList" : [ {
"sourcePackageName" : "util-linux",
"oldVersion" : "2.40.2-1",
"newVersion" : "2.42.0",
"fixedCves" : [ "CVE-2022-0563" ]
} ]
}