mercurial
Security Risk Profile
Security Risk Score: 27/100 (low)
Comprehensive risk assessment based on 21 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from June 30, 2008 to present
Total CVEs: 21
Critical+High: 15
Exploited: 0
Unpatched: 0
Threat Assessment
Avg CVSS (base severity): 8.2
Avg EPSS (exploit probability): 0%
Unpatched (Critical/High): 0
Risk Level: 27/100 (low)
Severity Distribution
Critical: 8
High: 7
Medium: 5
Low: 0
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 0
Age Distribution
Common Weaknesses (CWE)
1. Input Validation: 6
2. Path Traversal: 2
3. OS Command Injection: 2
4. XSS: 1
5. Code Injection: 1
Most Affected Products
1. Mercurial Mercurial: 21
2. pip/mercurial: 18
3. Debian Debian Linux: 18
4. redhat Enterprise Linux Server Eus: 12
5. git-scm Git: 10
Recent Vulnerabilities

https://seclists.org/oss-sec/2025/q1/236
unknown
Mercurial 6.9.4 fixes CVE-2025-2361: XSS in hgweb
3/21/2025, No Patch

CVE-2025-2361
CVSS 5.3 (medium)
Mercurial SCM Web Interface cross site scripting
3/17/2025, No Patch

CVE-2014-9390
CVSS 9.8 (critical)
2/12/2020

CVE-2010-4237
CVSS 5.9 (medium)
10/29/2019

CVE-2019-3902
CVSS 5.9 (medium)
4/22/2019

CVE-2018-17983
CVSS 9.1 (critical)
10/4/2018

CVE-2018-13348
CVSS 7.5 (high)
7/6/2018

CVE-2018-13346
CVSS 7.5 (high)
6/22/2018

CVE-2018-13347
CVSS 9.8 (critical)
6/22/2018

CVE-2018-1000132
CVSS 9.1 (critical)
3/8/2018