Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/skopeo@1:0.1.32-6.git1715c90?arch=el8_0

Type rpm

Namespace redhat

Name skopeo

Version 1:0.1.32-6.git1715c90

Qualifiers

arch	el8_0

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-rus3-fvn9-53h9

vulnerability_id

VCID-rus3-fvn9-53h9

summary

Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10392.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10392.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10392

reference_id

reference_type

scores

value	0.80819
scoring_system	epss
scoring_elements	0.99153
published_at	2026-04-29T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99146
published_at	2026-04-12T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99145
published_at	2026-04-13T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99139
published_at	2026-04-02T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99141
published_at	2026-04-04T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99144
published_at	2026-04-07T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99147
published_at	2026-04-16T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99149
published_at	2026-04-21T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99148
published_at	2026-04-18T12:55:00Z

value	0.80819
scoring_system	epss
scoring_elements	0.99137
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10392

reference_url

https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02

reference_url

https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10392

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10392

reference_url

http://www.openwall.com/lists/oss-security/2019/09/12/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/09/12/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1819704
reference_id	1819704
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1819704

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client:3.0.0:rc::::jenkins::*
reference_id	cpe:2.3:a:jenkins:git_client:3.0.0:rc::::jenkins::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client:3.0.0:rc::::jenkins::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client::::::jenkins::*
reference_id	cpe:2.3:a:jenkins:git_client::::::jenkins::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client::::::jenkins::*

reference_url

https://github.com/advisories/GHSA-hw6x-2qwv-rxr7

reference_id

GHSA-hw6x-2qwv-rxr7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hw6x-2qwv-rxr7

reference_url	https://access.redhat.com/errata/RHSA-2020:2478
reference_id	RHSA-2020:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2478

fixed_packages

aliases

CVE-2019-10392, GHSA-hw6x-2qwv-rxr7

risk_score

10.0

exploitability

2.0

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rus3-fvn9-53h9

url

VCID-vfxz-vfmr-w3d1

vulnerability_id

VCID-vfxz-vfmr-w3d1

summary

GPGME Go wrapper contains Use After Free
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

references

reference_url

https://access.redhat.com/errata/RHSA-2020:0679

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0679

reference_url

https://access.redhat.com/errata/RHSA-2020:0689

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0689

reference_url

https://access.redhat.com/errata/RHSA-2020:0697

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0697

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8945.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8945.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8945

reference_id

reference_type

scores

value	0.01939
scoring_system	epss
scoring_elements	0.8342
published_at	2026-04-13T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83456
published_at	2026-04-16T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83457
published_at	2026-04-21T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83382
published_at	2026-04-04T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83367
published_at	2026-04-02T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83354
published_at	2026-04-01T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.8348
published_at	2026-04-24T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83487
published_at	2026-04-26T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83489
published_at	2026-04-29T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83425
published_at	2026-04-12T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.8343
published_at	2026-04-11T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83416
published_at	2026-04-09T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83406
published_at	2026-04-08T12:55:00Z

value	0.01939
scoring_system	epss
scoring_elements	0.83381
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8945

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1795838

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1795838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8945
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8945

reference_url

https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1

reference_url

https://github.com/proglottis/gpgme

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/proglottis/gpgme

reference_url

https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733

reference_url

https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1

reference_url

https://github.com/proglottis/gpgme/pull/23

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/proglottis/gpgme/pull/23

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8945

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8945

reference_url

https://pkg.go.dev/vuln/GO-2021-0096

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2021-0096

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951372
reference_id	951372
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951372

reference_url	https://access.redhat.com/errata/RHSA-2020:0863
reference_id	RHSA-2020:0863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0863

reference_url	https://access.redhat.com/errata/RHSA-2020:0928
reference_id	RHSA-2020:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0928

reference_url	https://access.redhat.com/errata/RHSA-2020:0934
reference_id	RHSA-2020:0934
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0934

reference_url	https://access.redhat.com/errata/RHSA-2020:1230
reference_id	RHSA-2020:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1230

reference_url	https://access.redhat.com/errata/RHSA-2020:1231
reference_id	RHSA-2020:1231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1231

reference_url	https://access.redhat.com/errata/RHSA-2020:1234
reference_id	RHSA-2020:1234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1234

reference_url	https://access.redhat.com/errata/RHSA-2020:1396
reference_id	RHSA-2020:1396
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1396

reference_url	https://access.redhat.com/errata/RHSA-2020:1402
reference_id	RHSA-2020:1402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1402

reference_url	https://access.redhat.com/errata/RHSA-2020:1937
reference_id	RHSA-2020:1937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1937

reference_url	https://access.redhat.com/errata/RHSA-2020:1940
reference_id	RHSA-2020:1940
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1940

reference_url	https://access.redhat.com/errata/RHSA-2020:2027
reference_id	RHSA-2020:2027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2027

reference_url	https://access.redhat.com/errata/RHSA-2020:2117
reference_id	RHSA-2020:2117
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2117

reference_url	https://access.redhat.com/errata/RHSA-2020:2413
reference_id	RHSA-2020:2413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2413

reference_url	https://access.redhat.com/errata/RHSA-2020:2927
reference_id	RHSA-2020:2927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2927

reference_url	https://access.redhat.com/errata/RHSA-2020:2992
reference_id	RHSA-2020:2992
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2992

reference_url	https://access.redhat.com/errata/RHSA-2020:3167
reference_id	RHSA-2020:3167
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3167

fixed_packages

aliases

CVE-2020-8945, GHSA-m6wg-2mwg-4rfq

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vfxz-vfmr-w3d1

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@1:0.1.32-6.git1715c90%3Farch=el8_0

Package Instance