Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mercurial@4.6rc1
Typepypi
Namespace
Namemercurial
Version4.6rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.9
Latest_non_vulnerable_version4.9
Affected_by_vulnerabilities
0
url VCID-276p-r83g-9fce
vulnerability_id VCID-276p-r83g-9fce
summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17983
reference_id
reference_type
scores
0
value 0.00425
scoring_system epss
scoring_elements 0.62497
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17983
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
2
reference_url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
3
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
reference_id CVE-2018-17983
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
5
reference_url https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id GHSA-p575-cf9h-wv42
reference_type
scores
url https://github.com/advisories/GHSA-p575-cf9h-wv42
fixed_packages
0
url pkg:pypi/mercurial@4.7.2
purl pkg:pypi/mercurial@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ygk8-66cv-3qfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.7.2
aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-276p-r83g-9fce
1
url VCID-cjyt-q73h-2kga
vulnerability_id VCID-cjyt-q73h-2kga
summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13348
reference_id
reference_type
scores
0
value 0.00662
scoring_system epss
scoring_elements 0.71501
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13348
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
3
reference_url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
4
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
reference_id CVE-2018-13348
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
6
reference_url https://github.com/advisories/GHSA-3v62-ww8w-758m
reference_id GHSA-3v62-ww8w-758m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3v62-ww8w-758m
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-276p-r83g-9fce
1
vulnerability VCID-ygk8-66cv-3qfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjyt-q73h-2kga
2
url VCID-nwr3-zjfg-bfgk
vulnerability_id VCID-nwr3-zjfg-bfgk
summary mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13347
reference_id
reference_type
scores
0
value 0.0125
scoring_system epss
scoring_elements 0.79642
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13347
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
3
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
4
reference_url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
5
reference_url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
6
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
reference_id CVE-2018-13347
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
8
reference_url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
reference_id GHSA-3mjj-mr4f-qxmx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-276p-r83g-9fce
1
vulnerability VCID-ygk8-66cv-3qfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13347, GHSA-3mjj-mr4f-qxmx, PYSEC-2018-89
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwr3-zjfg-bfgk
3
url VCID-u1z6-pw66-z3c2
vulnerability_id VCID-u1z6-pw66-z3c2
summary The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13346
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52515
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13346
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
3
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
4
reference_url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
5
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
reference_id CVE-2018-13346
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
7
reference_url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
reference_id GHSA-9xv4-r2hf-26gh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-276p-r83g-9fce
1
vulnerability VCID-ygk8-66cv-3qfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13346, GHSA-9xv4-r2hf-26gh, PYSEC-2018-88
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1z6-pw66-z3c2
4
url VCID-ygk8-66cv-3qfk
vulnerability_id VCID-ygk8-66cv-3qfk
summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
reference_id
reference_type
scores
0
value 0.00541
scoring_system epss
scoring_elements 0.67958
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
3
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
4
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
5
reference_url https://usn.ubuntu.com/4086-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1
6
reference_url https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1/
7
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
reference_id CVE-2019-3902
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
9
reference_url https://github.com/advisories/GHSA-mq66-vcfc-8246
reference_id GHSA-mq66-vcfc-8246
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mq66-vcfc-8246
fixed_packages
0
url pkg:pypi/mercurial@4.9
purl pkg:pypi/mercurial@4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.9
aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygk8-66cv-3qfk
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6rc1