Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pycsw@1.10.5
Typepypi
Namespace
Namepycsw
Version1.10.5
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.0.2
Latest_non_vulnerable_version2.0.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4tca-fufm-qydy
vulnerability_id VCID-4tca-fufm-qydy
summary A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8640
reference_id
reference_type
scores
0
value 0.00859
scoring_system epss
scoring_elements 0.75326
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8640
1
reference_url http://seclists.org/oss-sec/2016/q4/406
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2016/q4/406
2
reference_url https://github.com/advisories/GHSA-hg4c-rgvm-964g
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg4c-rgvm-964g
3
reference_url https://github.com/geopython/pycsw
reference_id
reference_type
scores
url https://github.com/geopython/pycsw
4
reference_url https://github.com/geopython/pycsw/commit/522873e5ce48bb9cbd4e7e8168ca881ce709c222
reference_id
reference_type
scores
url https://github.com/geopython/pycsw/commit/522873e5ce48bb9cbd4e7e8168ca881ce709c222
5
reference_url https://github.com/geopython/pycsw/commit/69546e13527c82e4f9191769215490381ad511b2
reference_id
reference_type
scores
url https://github.com/geopython/pycsw/commit/69546e13527c82e4f9191769215490381ad511b2
6
reference_url https://github.com/geopython/pycsw/commit/daaf09b4b920708a415be3c7f446739661ba3753
reference_id
reference_type
scores
url https://github.com/geopython/pycsw/commit/daaf09b4b920708a415be3c7f446739661ba3753
7
reference_url https://github.com/geopython/pycsw/pull/474/files
reference_id
reference_type
scores
url https://github.com/geopython/pycsw/pull/474/files
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pycsw/PYSEC-2018-98.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pycsw/PYSEC-2018-98.yaml
9
reference_url https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
reference_id
reference_type
scores
url https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
10
reference_url http://www.securityfocus.com/bid/94302
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94302
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8640
reference_id CVE-2016-8640
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8640
fixed_packages
0
url pkg:pypi/pycsw@1.8.6
purl pkg:pypi/pycsw@1.8.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycsw@1.8.6
1
url pkg:pypi/pycsw@1.10.5
purl pkg:pypi/pycsw@1.10.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycsw@1.10.5
2
url pkg:pypi/pycsw@2.0.2
purl pkg:pypi/pycsw@2.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycsw@2.0.2
aliases CVE-2016-8640, GHSA-hg4c-rgvm-964g, PYSEC-2018-98
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tca-fufm-qydy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pycsw@1.10.5