Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.grails/grails-core@1.2.4

Type maven

Namespace org.grails

Name grails-core

Version 1.2.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.3.10

Latest_non_vulnerable_version 6.1.0

Affected_by_vulnerabilities

url VCID-fbhx-m96w-6ycw

vulnerability_id VCID-fbhx-m96w-6ycw

summary

MITM vulnerability
Grails uses cleartext HTTP to resolve the SDKMan notification service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12728

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.35412
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12728

reference_url

https://github.com/grails/grails-core/issues/11250

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grails/grails-core/issues/11250

reference_url

https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12728

reference_id

CVE-2019-12728

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12728

fixed_packages

url	pkg:maven/org.grails/grails-core@3.3.10
purl	pkg:maven/org.grails/grails-core@3.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.10

aliases CVE-2019-12728, GHSA-pmxf-4v8c-rwr7

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbhx-m96w-6ycw

url VCID-km5j-a2bt-hfhq

vulnerability_id VCID-km5j-a2bt-hfhq

summary

Stored Cross Site Scripting in Grails Fields Plugin
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in using the display tag that can result in XSS. This vulnerability has been fixed in version 2.2.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000529

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.5728
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000529

reference_url

https://github.com/grails-fields-plugin/grails-fields

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grails-fields-plugin/grails-fields

reference_url

https://github.com/grails-fields-plugin/grails-fields/issues/278

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grails-fields-plugin/grails-fields/issues/278

reference_url

https://github.com/martinfrancois/CVE-2018-1000529

reference_id

CVE-2018-1000529

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/martinfrancois/CVE-2018-1000529

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000529

reference_id

CVE-2018-1000529

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000529

reference_url

https://github.com/advisories/GHSA-q25j-gcmv-5qpp

reference_id

GHSA-q25j-gcmv-5qpp

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-q25j-gcmv-5qpp

fixed_packages

url	pkg:maven/org.grails/grails-core@3.3.6
purl	pkg:maven/org.grails/grails-core@3.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.6

url	pkg:maven/org.grails/grails-core@3.3.10
purl	pkg:maven/org.grails/grails-core@3.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.10

aliases CVE-2018-1000529, GHSA-q25j-gcmv-5qpp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-km5j-a2bt-hfhq

url VCID-p1x6-tbtm-kueg

vulnerability_id VCID-p1x6-tbtm-kueg

summary

Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6521

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.52251
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6521

reference_url	https://github.com/sheehan/grails-console/issues/54
reference_id
reference_type
scores
url	https://github.com/sheehan/grails-console/issues/54

reference_url	https://github.com/sheehan/grails-console/issues/55
reference_id
reference_type
scores
url	https://github.com/sheehan/grails-console/issues/55

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-6521
reference_id	CVE-2016-6521
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-6521

fixed_packages

url pkg:maven/org.grails/grails-core@2.0.1

purl pkg:maven/org.grails/grails-core@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fbhx-m96w-6ycw

vulnerability	VCID-km5j-a2bt-hfhq

vulnerability	VCID-q12x-zezy-6qg9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.0.1

url pkg:maven/org.grails/grails-core@2.1.0

purl pkg:maven/org.grails/grails-core@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fbhx-m96w-6ycw

vulnerability	VCID-km5j-a2bt-hfhq

vulnerability	VCID-q12x-zezy-6qg9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.1.0

aliases CVE-2016-6521

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1x6-tbtm-kueg

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@1.2.4

Package Instance