Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/varnish@1.0.2-2
Typedeb
Namespacedebian
Namevarnish
Version1.0.2-2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.7.3-2
Latest_non_vulnerable_version7.7.3-2
Affected_by_vulnerabilities
0
url VCID-4fbk-5fwk-efbd
vulnerability_id VCID-4fbk-5fwk-efbd
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8807.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8807
reference_id
reference_type
scores
0
value 0.01307
scoring_system epss
scoring_elements 0.79808
published_at 2026-04-21T12:55:00Z
1
value 0.01307
scoring_system epss
scoring_elements 0.79799
published_at 2026-04-11T12:55:00Z
2
value 0.01307
scoring_system epss
scoring_elements 0.79783
published_at 2026-04-12T12:55:00Z
3
value 0.01307
scoring_system epss
scoring_elements 0.79776
published_at 2026-04-13T12:55:00Z
4
value 0.01307
scoring_system epss
scoring_elements 0.79803
published_at 2026-04-16T12:55:00Z
5
value 0.01307
scoring_system epss
scoring_elements 0.79805
published_at 2026-04-18T12:55:00Z
6
value 0.01748
scoring_system epss
scoring_elements 0.825
published_at 2026-04-07T12:55:00Z
7
value 0.01748
scoring_system epss
scoring_elements 0.82527
published_at 2026-04-08T12:55:00Z
8
value 0.01748
scoring_system epss
scoring_elements 0.82534
published_at 2026-04-09T12:55:00Z
9
value 0.01748
scoring_system epss
scoring_elements 0.82472
published_at 2026-04-01T12:55:00Z
10
value 0.01748
scoring_system epss
scoring_elements 0.82486
published_at 2026-04-02T12:55:00Z
11
value 0.01748
scoring_system epss
scoring_elements 0.82503
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8807
2
reference_url https://bugs.debian.org/881808
reference_id
reference_type
scores
url https://bugs.debian.org/881808
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807
4
reference_url https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7
reference_id
reference_type
scores
url https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7
5
reference_url https://github.com/varnishcache/varnish-cache/pull/2429
reference_id
reference_type
scores
url https://github.com/varnishcache/varnish-cache/pull/2429
6
reference_url https://www.debian.org/security/2017/dsa-4034
reference_id
reference_type
scores
url https://www.debian.org/security/2017/dsa-4034
7
reference_url http://varnish-cache.org/security/VSV00002.html
reference_id
reference_type
scores
url http://varnish-cache.org/security/VSV00002.html
8
reference_url http://www.securityfocus.com/bid/101886
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101886
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1513523
reference_id 1513523
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1513523
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808
reference_id 881808
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808
11
reference_url https://security.archlinux.org/ASA-201711-29
reference_id ASA-201711-29
reference_type
scores
url https://security.archlinux.org/ASA-201711-29
12
reference_url https://security.archlinux.org/AVG-502
reference_id AVG-502
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-502
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8807
reference_id CVE-2017-8807
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:P
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-8807
17
reference_url https://usn.ubuntu.com/USN-4824-1/
reference_id USN-USN-4824-1
reference_type
scores
url https://usn.ubuntu.com/USN-4824-1/
fixed_packages
0
url pkg:deb/debian/varnish@5.0.0-7%2Bdeb9u2
purl pkg:deb/debian/varnish@5.0.0-7%2Bdeb9u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-hery-ps62-9kf5
2
vulnerability VCID-hpb7-1n1t-n3em
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-mbcb-cn8g-zfgw
5
vulnerability VCID-pww8-5fsd-1kcz
6
vulnerability VCID-r7t1-a958-d7dg
7
vulnerability VCID-rn5t-3pup-kbbv
8
vulnerability VCID-tnwn-h2wc-q7c4
9
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@5.0.0-7%252Bdeb9u2
1
url pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
purl pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hery-ps62-9kf5
1
vulnerability VCID-hpb7-1n1t-n3em
2
vulnerability VCID-j1qj-kj7k-v7fx
3
vulnerability VCID-mbcb-cn8g-zfgw
4
vulnerability VCID-pww8-5fsd-1kcz
5
vulnerability VCID-r7t1-a958-d7dg
6
vulnerability VCID-rn5t-3pup-kbbv
7
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3
aliases CVE-2017-8807
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fbk-5fwk-efbd
1
url VCID-fgjt-z1kd-nbct
vulnerability_id VCID-fgjt-z1kd-nbct
summary 
Improper input validation in Varnish allows remote attackers to
    conduct HTTP smuggling attacks, and possibly trigger a buffer overflow.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8852.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8852.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8852
reference_id
reference_type
scores
0
value 0.0109
scoring_system epss
scoring_elements 0.7797
published_at 2026-04-21T12:55:00Z
1
value 0.0109
scoring_system epss
scoring_elements 0.77977
published_at 2026-04-18T12:55:00Z
2
value 0.0109
scoring_system epss
scoring_elements 0.77884
published_at 2026-04-01T12:55:00Z
3
value 0.0109
scoring_system epss
scoring_elements 0.7789
published_at 2026-04-02T12:55:00Z
4
value 0.0109
scoring_system epss
scoring_elements 0.77919
published_at 2026-04-04T12:55:00Z
5
value 0.0109
scoring_system epss
scoring_elements 0.77901
published_at 2026-04-07T12:55:00Z
6
value 0.0109
scoring_system epss
scoring_elements 0.77928
published_at 2026-04-08T12:55:00Z
7
value 0.0109
scoring_system epss
scoring_elements 0.77933
published_at 2026-04-09T12:55:00Z
8
value 0.0109
scoring_system epss
scoring_elements 0.77959
published_at 2026-04-11T12:55:00Z
9
value 0.0109
scoring_system epss
scoring_elements 0.77943
published_at 2026-04-13T12:55:00Z
10
value 0.0109
scoring_system epss
scoring_elements 0.77978
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8852
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8852
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8852
4
reference_url https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c
reference_id
reference_type
scores
url https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c
5
reference_url https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3
reference_id
reference_type
scores
url https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3
6
reference_url https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html
reference_id
reference_type
scores
url https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html
7
reference_url http://www.debian.org/security/2016/dsa-3553
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3553
8
reference_url http://www.openwall.com/lists/oss-security/2016/04/16/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/04/16/1
9
reference_url http://www.openwall.com/lists/oss-security/2016/04/18/7
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/04/18/7
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1328361
reference_id 1328361
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1328361
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783510
reference_id 783510
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783510
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8852
reference_id CVE-2015-8852
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2015-8852
22
reference_url https://security.gentoo.org/glsa/201607-10
reference_id GLSA-201607-10
reference_type
scores
url https://security.gentoo.org/glsa/201607-10
fixed_packages
0
url pkg:deb/debian/varnish@3.0.2-2%2Bdeb7u2
purl pkg:deb/debian/varnish@3.0.2-2%2Bdeb7u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-fgjt-z1kd-nbct
2
vulnerability VCID-hery-ps62-9kf5
3
vulnerability VCID-hpb7-1n1t-n3em
4
vulnerability VCID-j1qj-kj7k-v7fx
5
vulnerability VCID-mbcb-cn8g-zfgw
6
vulnerability VCID-ntj2-zryg-tubp
7
vulnerability VCID-pww8-5fsd-1kcz
8
vulnerability VCID-r7t1-a958-d7dg
9
vulnerability VCID-rn5t-3pup-kbbv
10
vulnerability VCID-tnwn-h2wc-q7c4
11
vulnerability VCID-wm39-aehq-cyfb
12
vulnerability VCID-z4zn-dpfs-j7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@3.0.2-2%252Bdeb7u2
1
url pkg:deb/debian/varnish@4.0.2-1
purl pkg:deb/debian/varnish@4.0.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-hery-ps62-9kf5
2
vulnerability VCID-hpb7-1n1t-n3em
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-mbcb-cn8g-zfgw
5
vulnerability VCID-pww8-5fsd-1kcz
6
vulnerability VCID-r7t1-a958-d7dg
7
vulnerability VCID-rn5t-3pup-kbbv
8
vulnerability VCID-tnwn-h2wc-q7c4
9
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1
aliases CVE-2015-8852
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fgjt-z1kd-nbct
2
url VCID-hery-ps62-9kf5
vulnerability_id VCID-hery-ps62-9kf5
summary varnish: denial of service handling certain crafted HTTP/1 requests
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15892.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15892.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15892
reference_id
reference_type
scores
0
value 0.05554
scoring_system epss
scoring_elements 0.90232
published_at 2026-04-01T12:55:00Z
1
value 0.05554
scoring_system epss
scoring_elements 0.90289
published_at 2026-04-21T12:55:00Z
2
value 0.05554
scoring_system epss
scoring_elements 0.90276
published_at 2026-04-13T12:55:00Z
3
value 0.05554
scoring_system epss
scoring_elements 0.90292
published_at 2026-04-18T12:55:00Z
4
value 0.05554
scoring_system epss
scoring_elements 0.90234
published_at 2026-04-02T12:55:00Z
5
value 0.05554
scoring_system epss
scoring_elements 0.90247
published_at 2026-04-04T12:55:00Z
6
value 0.05554
scoring_system epss
scoring_elements 0.90252
published_at 2026-04-07T12:55:00Z
7
value 0.05554
scoring_system epss
scoring_elements 0.90267
published_at 2026-04-08T12:55:00Z
8
value 0.05554
scoring_system epss
scoring_elements 0.90274
published_at 2026-04-09T12:55:00Z
9
value 0.05554
scoring_system epss
scoring_elements 0.90283
published_at 2026-04-11T12:55:00Z
10
value 0.05554
scoring_system epss
scoring_elements 0.90282
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15892
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15892
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/
8
reference_url https://seclists.org/bugtraq/2019/Sep/5
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Sep/5
9
reference_url https://varnish-cache.org/security/VSV00003.html
reference_id
reference_type
scores
url https://varnish-cache.org/security/VSV00003.html
10
reference_url https://www.debian.org/security/2019/dsa-4514
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4514
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1756079
reference_id 1756079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1756079
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939333
reference_id 939333
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939333
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-15892
reference_id CVE-2019-15892
reference_type
scores
0
value 7.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:C
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-15892
17
reference_url https://access.redhat.com/errata/RHSA-2020:4756
reference_id RHSA-2020:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4756
fixed_packages
0
url pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
purl pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hery-ps62-9kf5
1
vulnerability VCID-hpb7-1n1t-n3em
2
vulnerability VCID-j1qj-kj7k-v7fx
3
vulnerability VCID-mbcb-cn8g-zfgw
4
vulnerability VCID-pww8-5fsd-1kcz
5
vulnerability VCID-r7t1-a958-d7dg
6
vulnerability VCID-rn5t-3pup-kbbv
7
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3
1
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-pww8-5fsd-1kcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3
aliases CVE-2019-15892
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hery-ps62-9kf5
3
url VCID-hpb7-1n1t-n3em
vulnerability_id VCID-hpb7-1n1t-n3em
summary varnish: Request Forgery Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45060
reference_id
reference_type
scores
0
value 0.00952
scoring_system epss
scoring_elements 0.76339
published_at 2026-04-02T12:55:00Z
1
value 0.00952
scoring_system epss
scoring_elements 0.76424
published_at 2026-04-21T12:55:00Z
2
value 0.00952
scoring_system epss
scoring_elements 0.76369
published_at 2026-04-04T12:55:00Z
3
value 0.00952
scoring_system epss
scoring_elements 0.76349
published_at 2026-04-07T12:55:00Z
4
value 0.00952
scoring_system epss
scoring_elements 0.76381
published_at 2026-04-08T12:55:00Z
5
value 0.00952
scoring_system epss
scoring_elements 0.76395
published_at 2026-04-09T12:55:00Z
6
value 0.00952
scoring_system epss
scoring_elements 0.7642
published_at 2026-04-11T12:55:00Z
7
value 0.00952
scoring_system epss
scoring_elements 0.76398
published_at 2026-04-12T12:55:00Z
8
value 0.00952
scoring_system epss
scoring_elements 0.76393
published_at 2026-04-13T12:55:00Z
9
value 0.00952
scoring_system epss
scoring_elements 0.76433
published_at 2026-04-16T12:55:00Z
10
value 0.00952
scoring_system epss
scoring_elements 0.76439
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45060
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45060
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45060
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023751
reference_id 1023751
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023751
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141844
reference_id 2141844
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2141844
5
reference_url https://www.debian.org/security/2023/dsa-5334
reference_id dsa-5334
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/
url https://www.debian.org/security/2023/dsa-5334
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
reference_id G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
reference_id M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
8
reference_url https://access.redhat.com/errata/RHSA-2022:8643
reference_id RHSA-2022:8643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8643
9
reference_url https://access.redhat.com/errata/RHSA-2022:8644
reference_id RHSA-2022:8644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8644
10
reference_url https://access.redhat.com/errata/RHSA-2022:8645
reference_id RHSA-2022:8645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8645
11
reference_url https://access.redhat.com/errata/RHSA-2022:8646
reference_id RHSA-2022:8646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8646
12
reference_url https://access.redhat.com/errata/RHSA-2022:8647
reference_id RHSA-2022:8647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8647
13
reference_url https://access.redhat.com/errata/RHSA-2022:8649
reference_id RHSA-2022:8649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8649
14
reference_url https://access.redhat.com/errata/RHSA-2022:8650
reference_id RHSA-2022:8650
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8650
15
reference_url https://access.redhat.com/errata/RHSA-2023:0673
reference_id RHSA-2023:0673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0673
16
reference_url https://usn.ubuntu.com/7372-1/
reference_id USN-7372-1
reference_type
scores
url https://usn.ubuntu.com/7372-1/
17
reference_url https://docs.varnish-software.com/security/VSV00011
reference_id VSV00011
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/
url https://docs.varnish-software.com/security/VSV00011
18
reference_url https://varnish-cache.org/security/VSV00011.html
reference_id VSV00011.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/
url https://varnish-cache.org/security/VSV00011.html
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
reference_id XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
fixed_packages
0
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-pww8-5fsd-1kcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3
aliases CVE-2022-45060, VSV00011
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpb7-1n1t-n3em
4
url VCID-j1qj-kj7k-v7fx
vulnerability_id VCID-j1qj-kj7k-v7fx
summary varnish: request smuggling attacks
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47905.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47905.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47905
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.5241
published_at 2026-04-02T12:55:00Z
1
value 0.0029
scoring_system epss
scoring_elements 0.52499
published_at 2026-04-21T12:55:00Z
2
value 0.0029
scoring_system epss
scoring_elements 0.52468
published_at 2026-04-13T12:55:00Z
3
value 0.0029
scoring_system epss
scoring_elements 0.52508
published_at 2026-04-16T12:55:00Z
4
value 0.0029
scoring_system epss
scoring_elements 0.52514
published_at 2026-04-18T12:55:00Z
5
value 0.0029
scoring_system epss
scoring_elements 0.52438
published_at 2026-04-04T12:55:00Z
6
value 0.0029
scoring_system epss
scoring_elements 0.52402
published_at 2026-04-07T12:55:00Z
7
value 0.0029
scoring_system epss
scoring_elements 0.52455
published_at 2026-04-08T12:55:00Z
8
value 0.0029
scoring_system epss
scoring_elements 0.52449
published_at 2026-04-09T12:55:00Z
9
value 0.0029
scoring_system epss
scoring_elements 0.52501
published_at 2026-04-11T12:55:00Z
10
value 0.0029
scoring_system epss
scoring_elements 0.52485
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47905
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47905
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47905
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364235
reference_id 2364235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364235
4
reference_url https://security.archlinux.org/ASA-202505-13
reference_id ASA-202505-13
reference_type
scores
url https://security.archlinux.org/ASA-202505-13
5
reference_url https://security.archlinux.org/AVG-2879
reference_id AVG-2879
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2879
6
reference_url https://access.redhat.com/errata/RHSA-2025:8294
reference_id RHSA-2025:8294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8294
7
reference_url https://access.redhat.com/errata/RHSA-2025:8310
reference_id RHSA-2025:8310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8310
8
reference_url https://access.redhat.com/errata/RHSA-2025:8336
reference_id RHSA-2025:8336
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8336
9
reference_url https://access.redhat.com/errata/RHSA-2025:8337
reference_id RHSA-2025:8337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8337
10
reference_url https://access.redhat.com/errata/RHSA-2025:8339
reference_id RHSA-2025:8339
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8339
11
reference_url https://access.redhat.com/errata/RHSA-2025:8340
reference_id RHSA-2025:8340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8340
12
reference_url https://access.redhat.com/errata/RHSA-2025:8349
reference_id RHSA-2025:8349
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8349
13
reference_url https://access.redhat.com/errata/RHSA-2025:8350
reference_id RHSA-2025:8350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8350
14
reference_url https://access.redhat.com/errata/RHSA-2025:8351
reference_id RHSA-2025:8351
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8351
15
reference_url https://access.redhat.com/errata/RHSA-2025:8550
reference_id RHSA-2025:8550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8550
16
reference_url https://varnish-cache.org/security/VSV00016.html
reference_id VSV00016.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:15:16Z/
url https://varnish-cache.org/security/VSV00016.html
fixed_packages
0
url pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1
purl pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1
aliases CVE-2025-47905, VSV00016
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1qj-kj7k-v7fx
5
url VCID-mbcb-cn8g-zfgw
vulnerability_id VCID-mbcb-cn8g-zfgw
summary varnish: HTTP/1 request smuggling vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23959.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23959.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23959
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.57151
published_at 2026-04-02T12:55:00Z
1
value 0.00346
scoring_system epss
scoring_elements 0.57174
published_at 2026-04-04T12:55:00Z
2
value 0.00346
scoring_system epss
scoring_elements 0.57152
published_at 2026-04-07T12:55:00Z
3
value 0.00346
scoring_system epss
scoring_elements 0.57203
published_at 2026-04-08T12:55:00Z
4
value 0.00346
scoring_system epss
scoring_elements 0.57205
published_at 2026-04-16T12:55:00Z
5
value 0.00346
scoring_system epss
scoring_elements 0.57217
published_at 2026-04-11T12:55:00Z
6
value 0.00346
scoring_system epss
scoring_elements 0.57198
published_at 2026-04-12T12:55:00Z
7
value 0.00346
scoring_system epss
scoring_elements 0.57178
published_at 2026-04-13T12:55:00Z
8
value 0.00346
scoring_system epss
scoring_elements 0.57202
published_at 2026-04-18T12:55:00Z
9
value 0.00346
scoring_system epss
scoring_elements 0.57182
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23959
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004433
reference_id 1004433
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004433
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2045031
reference_id 2045031
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2045031
7
reference_url https://access.redhat.com/errata/RHSA-2022:0418
reference_id RHSA-2022:0418
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0418
8
reference_url https://access.redhat.com/errata/RHSA-2022:0420
reference_id RHSA-2022:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0420
9
reference_url https://access.redhat.com/errata/RHSA-2022:0421
reference_id RHSA-2022:0421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0421
10
reference_url https://access.redhat.com/errata/RHSA-2022:0422
reference_id RHSA-2022:0422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0422
11
reference_url https://access.redhat.com/errata/RHSA-2022:4745
reference_id RHSA-2022:4745
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4745
12
reference_url https://usn.ubuntu.com/5474-1/
reference_id USN-5474-1
reference_type
scores
url https://usn.ubuntu.com/5474-1/
fixed_packages
0
url pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
purl pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hery-ps62-9kf5
1
vulnerability VCID-hpb7-1n1t-n3em
2
vulnerability VCID-j1qj-kj7k-v7fx
3
vulnerability VCID-mbcb-cn8g-zfgw
4
vulnerability VCID-pww8-5fsd-1kcz
5
vulnerability VCID-r7t1-a958-d7dg
6
vulnerability VCID-rn5t-3pup-kbbv
7
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3
1
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-pww8-5fsd-1kcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3
aliases CVE-2022-23959
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbcb-cn8g-zfgw
6
url VCID-nrzf-yt7d-x7dh
vulnerability_id VCID-nrzf-yt7d-x7dh
summary The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2936
reference_id
reference_type
scores
0
value 0.6839
scoring_system epss
scoring_elements 0.98594
published_at 2026-04-01T12:55:00Z
1
value 0.6839
scoring_system epss
scoring_elements 0.98596
published_at 2026-04-02T12:55:00Z
2
value 0.6839
scoring_system epss
scoring_elements 0.98599
published_at 2026-04-04T12:55:00Z
3
value 0.6839
scoring_system epss
scoring_elements 0.98601
published_at 2026-04-07T12:55:00Z
4
value 0.6839
scoring_system epss
scoring_elements 0.98603
published_at 2026-04-08T12:55:00Z
5
value 0.6839
scoring_system epss
scoring_elements 0.98605
published_at 2026-04-09T12:55:00Z
6
value 0.6839
scoring_system epss
scoring_elements 0.98607
published_at 2026-04-12T12:55:00Z
7
value 0.6839
scoring_system epss
scoring_elements 0.98608
published_at 2026-04-13T12:55:00Z
8
value 0.6839
scoring_system epss
scoring_elements 0.98613
published_at 2026-04-21T12:55:00Z
9
value 0.6839
scoring_system epss
scoring_elements 0.98614
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2936
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb
reference_id CVE-2009-2936;OSVDB-67670
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb
fixed_packages
0
url pkg:deb/debian/varnish@2.1.3-8%2Bdeb6u2
purl pkg:deb/debian/varnish@2.1.3-8%2Bdeb6u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-fgjt-z1kd-nbct
2
vulnerability VCID-hery-ps62-9kf5
3
vulnerability VCID-hpb7-1n1t-n3em
4
vulnerability VCID-j1qj-kj7k-v7fx
5
vulnerability VCID-mbcb-cn8g-zfgw
6
vulnerability VCID-ntj2-zryg-tubp
7
vulnerability VCID-pww8-5fsd-1kcz
8
vulnerability VCID-r7t1-a958-d7dg
9
vulnerability VCID-rn5t-3pup-kbbv
10
vulnerability VCID-tnwn-h2wc-q7c4
11
vulnerability VCID-wm39-aehq-cyfb
12
vulnerability VCID-z4zn-dpfs-j7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@2.1.3-8%252Bdeb6u2
aliases CVE-2009-2936
risk_score 1.2
exploitability 2.0
weighted_severity 0.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrzf-yt7d-x7dh
7
url VCID-ntj2-zryg-tubp
vulnerability_id VCID-ntj2-zryg-tubp
summary Varnish HTTP cache before 3.0.4: ACL bug
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4090
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57446
published_at 2026-04-01T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57529
published_at 2026-04-02T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57551
published_at 2026-04-04T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.57526
published_at 2026-04-07T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57579
published_at 2026-04-08T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.57583
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57598
published_at 2026-04-11T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57578
published_at 2026-04-12T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.57556
published_at 2026-04-13T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57584
published_at 2026-04-16T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.5758
published_at 2026-04-18T12:55:00Z
11
value 0.00351
scoring_system epss
scoring_elements 0.5756
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4090
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4090
fixed_packages
0
url pkg:deb/debian/varnish@4.0.2-1
purl pkg:deb/debian/varnish@4.0.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-hery-ps62-9kf5
2
vulnerability VCID-hpb7-1n1t-n3em
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-mbcb-cn8g-zfgw
5
vulnerability VCID-pww8-5fsd-1kcz
6
vulnerability VCID-r7t1-a958-d7dg
7
vulnerability VCID-rn5t-3pup-kbbv
8
vulnerability VCID-tnwn-h2wc-q7c4
9
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1
aliases CVE-2013-4090
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntj2-zryg-tubp
8
url VCID-pww8-5fsd-1kcz
vulnerability_id VCID-pww8-5fsd-1kcz
summary varnish: Client-Side Desynchronization in Varnish Cache
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30346.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30346.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30346
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.38043
published_at 2026-04-02T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37927
published_at 2026-04-21T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.37964
published_at 2026-04-13T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.38009
published_at 2026-04-16T12:55:00Z
4
value 0.00168
scoring_system epss
scoring_elements 0.38067
published_at 2026-04-04T12:55:00Z
5
value 0.00168
scoring_system epss
scoring_elements 0.37947
published_at 2026-04-07T12:55:00Z
6
value 0.00168
scoring_system epss
scoring_elements 0.37998
published_at 2026-04-08T12:55:00Z
7
value 0.00168
scoring_system epss
scoring_elements 0.38008
published_at 2026-04-09T12:55:00Z
8
value 0.00168
scoring_system epss
scoring_elements 0.38025
published_at 2026-04-11T12:55:00Z
9
value 0.00168
scoring_system epss
scoring_elements 0.37989
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30346
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30346
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2354008
reference_id 2354008
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2354008
4
reference_url https://varnish-cache.org/security/VSV00015.html
reference_id VSV00015.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:00:05Z/
url https://varnish-cache.org/security/VSV00015.html
fixed_packages
0
url pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1
purl pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1
aliases CVE-2025-30346, VSV00015
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pww8-5fsd-1kcz
9
url VCID-r7t1-a958-d7dg
vulnerability_id VCID-r7t1-a958-d7dg
summary varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36740.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36740.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36740
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72142
published_at 2026-04-01T12:55:00Z
1
value 0.00708
scoring_system epss
scoring_elements 0.72224
published_at 2026-04-21T12:55:00Z
2
value 0.00708
scoring_system epss
scoring_elements 0.72228
published_at 2026-04-16T12:55:00Z
3
value 0.00708
scoring_system epss
scoring_elements 0.72238
published_at 2026-04-18T12:55:00Z
4
value 0.00708
scoring_system epss
scoring_elements 0.72147
published_at 2026-04-02T12:55:00Z
5
value 0.00708
scoring_system epss
scoring_elements 0.72167
published_at 2026-04-04T12:55:00Z
6
value 0.00708
scoring_system epss
scoring_elements 0.72145
published_at 2026-04-07T12:55:00Z
7
value 0.00708
scoring_system epss
scoring_elements 0.72182
published_at 2026-04-08T12:55:00Z
8
value 0.00708
scoring_system epss
scoring_elements 0.72194
published_at 2026-04-09T12:55:00Z
9
value 0.00708
scoring_system epss
scoring_elements 0.72216
published_at 2026-04-11T12:55:00Z
10
value 0.00708
scoring_system epss
scoring_elements 0.722
published_at 2026-04-12T12:55:00Z
11
value 0.00708
scoring_system epss
scoring_elements 0.72186
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1982409
reference_id 1982409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1982409
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991040
reference_id 991040
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991040
7
reference_url https://security.archlinux.org/ASA-202107-28
reference_id ASA-202107-28
reference_type
scores
url https://security.archlinux.org/ASA-202107-28
8
reference_url https://security.archlinux.org/AVG-2154
reference_id AVG-2154
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2154
9
reference_url https://access.redhat.com/errata/RHSA-2021:2988
reference_id RHSA-2021:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2988
10
reference_url https://access.redhat.com/errata/RHSA-2021:2993
reference_id RHSA-2021:2993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2993
11
reference_url https://usn.ubuntu.com/5474-1/
reference_id USN-5474-1
reference_type
scores
url https://usn.ubuntu.com/5474-1/
fixed_packages
0
url pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
purl pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hery-ps62-9kf5
1
vulnerability VCID-hpb7-1n1t-n3em
2
vulnerability VCID-j1qj-kj7k-v7fx
3
vulnerability VCID-mbcb-cn8g-zfgw
4
vulnerability VCID-pww8-5fsd-1kcz
5
vulnerability VCID-r7t1-a958-d7dg
6
vulnerability VCID-rn5t-3pup-kbbv
7
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3
1
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-pww8-5fsd-1kcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3
aliases CVE-2021-36740
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7t1-a958-d7dg
10
url VCID-rn5t-3pup-kbbv
vulnerability_id VCID-rn5t-3pup-kbbv
summary varnish: not clearing pointer between two client requests leads to information disclosure
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20637.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20637.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-20637
reference_id
reference_type
scores
0
value 0.00478
scoring_system epss
scoring_elements 0.64878
published_at 2026-04-01T12:55:00Z
1
value 0.00478
scoring_system epss
scoring_elements 0.64994
published_at 2026-04-21T12:55:00Z
2
value 0.00478
scoring_system epss
scoring_elements 0.64999
published_at 2026-04-16T12:55:00Z
3
value 0.00478
scoring_system epss
scoring_elements 0.6501
published_at 2026-04-18T12:55:00Z
4
value 0.00478
scoring_system epss
scoring_elements 0.64927
published_at 2026-04-02T12:55:00Z
5
value 0.00478
scoring_system epss
scoring_elements 0.64955
published_at 2026-04-04T12:55:00Z
6
value 0.00478
scoring_system epss
scoring_elements 0.64918
published_at 2026-04-07T12:55:00Z
7
value 0.00478
scoring_system epss
scoring_elements 0.64968
published_at 2026-04-08T12:55:00Z
8
value 0.00478
scoring_system epss
scoring_elements 0.64982
published_at 2026-04-09T12:55:00Z
9
value 0.00478
scoring_system epss
scoring_elements 0.65
published_at 2026-04-11T12:55:00Z
10
value 0.00478
scoring_system epss
scoring_elements 0.6499
published_at 2026-04-12T12:55:00Z
11
value 0.00478
scoring_system epss
scoring_elements 0.64962
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-20637
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20637
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20637
5
reference_url http://varnish-cache.org/security/VSV00004.html#vsv00004
reference_id
reference_type
scores
url http://varnish-cache.org/security/VSV00004.html#vsv00004
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1772362
reference_id 1772362
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1772362
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956305
reference_id 956305
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956305
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_id cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*
reference_id cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-20637
reference_id CVE-2019-20637
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2019-20637
13
reference_url https://access.redhat.com/errata/RHSA-2020:4756
reference_id RHSA-2020:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4756
14
reference_url https://usn.ubuntu.com/5474-1/
reference_id USN-5474-1
reference_type
scores
url https://usn.ubuntu.com/5474-1/
fixed_packages
0
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-pww8-5fsd-1kcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3
aliases CVE-2019-20637
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn5t-3pup-kbbv
11
url VCID-tnwn-h2wc-q7c4
vulnerability_id VCID-tnwn-h2wc-q7c4
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12425.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12425.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12425
reference_id
reference_type
scores
0
value 0.01046
scoring_system epss
scoring_elements 0.77435
published_at 2026-04-01T12:55:00Z
1
value 0.01046
scoring_system epss
scoring_elements 0.77441
published_at 2026-04-02T12:55:00Z
2
value 0.01046
scoring_system epss
scoring_elements 0.77467
published_at 2026-04-04T12:55:00Z
3
value 0.01046
scoring_system epss
scoring_elements 0.77447
published_at 2026-04-07T12:55:00Z
4
value 0.01046
scoring_system epss
scoring_elements 0.77476
published_at 2026-04-08T12:55:00Z
5
value 0.01046
scoring_system epss
scoring_elements 0.77486
published_at 2026-04-09T12:55:00Z
6
value 0.01046
scoring_system epss
scoring_elements 0.77512
published_at 2026-04-11T12:55:00Z
7
value 0.01046
scoring_system epss
scoring_elements 0.77492
published_at 2026-04-12T12:55:00Z
8
value 0.01046
scoring_system epss
scoring_elements 0.77489
published_at 2026-04-13T12:55:00Z
9
value 0.01046
scoring_system epss
scoring_elements 0.77528
published_at 2026-04-16T12:55:00Z
10
value 0.01046
scoring_system epss
scoring_elements 0.77525
published_at 2026-04-18T12:55:00Z
11
value 0.01046
scoring_system epss
scoring_elements 0.77517
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12425
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12425
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12425
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1477222
reference_id 1477222
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1477222
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870467
reference_id 870467
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870467
5
reference_url https://security.archlinux.org/ASA-201708-4
reference_id ASA-201708-4
reference_type
scores
url https://security.archlinux.org/ASA-201708-4
6
reference_url https://security.archlinux.org/AVG-374
reference_id AVG-374
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-374
fixed_packages
0
url pkg:deb/debian/varnish@4.0.2-1%2Bdeb8u1
purl pkg:deb/debian/varnish@4.0.2-1%2Bdeb8u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-hery-ps62-9kf5
2
vulnerability VCID-hpb7-1n1t-n3em
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-mbcb-cn8g-zfgw
5
vulnerability VCID-pww8-5fsd-1kcz
6
vulnerability VCID-r7t1-a958-d7dg
7
vulnerability VCID-rn5t-3pup-kbbv
8
vulnerability VCID-tnwn-h2wc-q7c4
9
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1%252Bdeb8u1
1
url pkg:deb/debian/varnish@5.0.0-7%2Bdeb9u2
purl pkg:deb/debian/varnish@5.0.0-7%2Bdeb9u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-hery-ps62-9kf5
2
vulnerability VCID-hpb7-1n1t-n3em
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-mbcb-cn8g-zfgw
5
vulnerability VCID-pww8-5fsd-1kcz
6
vulnerability VCID-r7t1-a958-d7dg
7
vulnerability VCID-rn5t-3pup-kbbv
8
vulnerability VCID-tnwn-h2wc-q7c4
9
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@5.0.0-7%252Bdeb9u2
2
url pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
purl pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hery-ps62-9kf5
1
vulnerability VCID-hpb7-1n1t-n3em
2
vulnerability VCID-j1qj-kj7k-v7fx
3
vulnerability VCID-mbcb-cn8g-zfgw
4
vulnerability VCID-pww8-5fsd-1kcz
5
vulnerability VCID-r7t1-a958-d7dg
6
vulnerability VCID-rn5t-3pup-kbbv
7
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3
aliases CVE-2017-12425
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnwn-h2wc-q7c4
12
url VCID-wm39-aehq-cyfb
vulnerability_id VCID-wm39-aehq-cyfb
summary varnish: remote clients may cause Varnish to assert and restart which could result in DoS
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11653.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11653.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11653
reference_id
reference_type
scores
0
value 0.0126
scoring_system epss
scoring_elements 0.79358
published_at 2026-04-01T12:55:00Z
1
value 0.0126
scoring_system epss
scoring_elements 0.79438
published_at 2026-04-21T12:55:00Z
2
value 0.0126
scoring_system epss
scoring_elements 0.79436
published_at 2026-04-16T12:55:00Z
3
value 0.0126
scoring_system epss
scoring_elements 0.79435
published_at 2026-04-18T12:55:00Z
4
value 0.0126
scoring_system epss
scoring_elements 0.79364
published_at 2026-04-02T12:55:00Z
5
value 0.0126
scoring_system epss
scoring_elements 0.79387
published_at 2026-04-04T12:55:00Z
6
value 0.0126
scoring_system epss
scoring_elements 0.79373
published_at 2026-04-07T12:55:00Z
7
value 0.0126
scoring_system epss
scoring_elements 0.794
published_at 2026-04-08T12:55:00Z
8
value 0.0126
scoring_system epss
scoring_elements 0.79409
published_at 2026-04-09T12:55:00Z
9
value 0.0126
scoring_system epss
scoring_elements 0.79433
published_at 2026-04-11T12:55:00Z
10
value 0.0126
scoring_system epss
scoring_elements 0.79416
published_at 2026-04-12T12:55:00Z
11
value 0.0126
scoring_system epss
scoring_elements 0.79405
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11653
5
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
6
reference_url https://varnish-cache.org/security/VSV00005.html#vsv00005
reference_id
reference_type
scores
url https://varnish-cache.org/security/VSV00005.html#vsv00005
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1813867
reference_id 1813867
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1813867
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956307
reference_id 956307
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956307
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_id cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*
reference_id cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11653
reference_id CVE-2020-11653
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2020-11653
15
reference_url https://access.redhat.com/errata/RHSA-2020:4756
reference_id RHSA-2020:4756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4756
16
reference_url https://usn.ubuntu.com/5474-1/
reference_id USN-5474-1
reference_type
scores
url https://usn.ubuntu.com/5474-1/
17
reference_url https://usn.ubuntu.com/5474-2/
reference_id USN-5474-2
reference_type
scores
url https://usn.ubuntu.com/5474-2/
fixed_packages
0
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-pww8-5fsd-1kcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3
aliases CVE-2020-11653
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm39-aehq-cyfb
13
url VCID-z4zn-dpfs-j7cq
vulnerability_id VCID-z4zn-dpfs-j7cq
summary 
Multiple vulnerabilities have been found in Varnish, the worst of
    which could allow a remote attacker to create a Denial of Service
    condition.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4484
reference_id
reference_type
scores
0
value 0.01554
scoring_system epss
scoring_elements 0.81368
published_at 2026-04-01T12:55:00Z
1
value 0.01554
scoring_system epss
scoring_elements 0.81377
published_at 2026-04-02T12:55:00Z
2
value 0.01554
scoring_system epss
scoring_elements 0.814
published_at 2026-04-04T12:55:00Z
3
value 0.01554
scoring_system epss
scoring_elements 0.81399
published_at 2026-04-07T12:55:00Z
4
value 0.01554
scoring_system epss
scoring_elements 0.81427
published_at 2026-04-08T12:55:00Z
5
value 0.01554
scoring_system epss
scoring_elements 0.81432
published_at 2026-04-09T12:55:00Z
6
value 0.01554
scoring_system epss
scoring_elements 0.81454
published_at 2026-04-11T12:55:00Z
7
value 0.01554
scoring_system epss
scoring_elements 0.81441
published_at 2026-04-12T12:55:00Z
8
value 0.01554
scoring_system epss
scoring_elements 0.81435
published_at 2026-04-13T12:55:00Z
9
value 0.01554
scoring_system epss
scoring_elements 0.81471
published_at 2026-04-16T12:55:00Z
10
value 0.01554
scoring_system epss
scoring_elements 0.81473
published_at 2026-04-18T12:55:00Z
11
value 0.01554
scoring_system epss
scoring_elements 0.81474
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4484
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989
reference_id 728989
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989
3
reference_url https://security.gentoo.org/glsa/201412-30
reference_id GLSA-201412-30
reference_type
scores
url https://security.gentoo.org/glsa/201412-30
fixed_packages
0
url pkg:deb/debian/varnish@3.0.2-2%2Bdeb7u2
purl pkg:deb/debian/varnish@3.0.2-2%2Bdeb7u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-fgjt-z1kd-nbct
2
vulnerability VCID-hery-ps62-9kf5
3
vulnerability VCID-hpb7-1n1t-n3em
4
vulnerability VCID-j1qj-kj7k-v7fx
5
vulnerability VCID-mbcb-cn8g-zfgw
6
vulnerability VCID-ntj2-zryg-tubp
7
vulnerability VCID-pww8-5fsd-1kcz
8
vulnerability VCID-r7t1-a958-d7dg
9
vulnerability VCID-rn5t-3pup-kbbv
10
vulnerability VCID-tnwn-h2wc-q7c4
11
vulnerability VCID-wm39-aehq-cyfb
12
vulnerability VCID-z4zn-dpfs-j7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@3.0.2-2%252Bdeb7u2
1
url pkg:deb/debian/varnish@4.0.2-1
purl pkg:deb/debian/varnish@4.0.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-hery-ps62-9kf5
2
vulnerability VCID-hpb7-1n1t-n3em
3
vulnerability VCID-j1qj-kj7k-v7fx
4
vulnerability VCID-mbcb-cn8g-zfgw
5
vulnerability VCID-pww8-5fsd-1kcz
6
vulnerability VCID-r7t1-a958-d7dg
7
vulnerability VCID-rn5t-3pup-kbbv
8
vulnerability VCID-tnwn-h2wc-q7c4
9
vulnerability VCID-wm39-aehq-cyfb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1
aliases CVE-2013-4484
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4zn-dpfs-j7cq
Fixing_vulnerabilities
Risk_score4.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@1.0.2-2