Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name pdns

Version 5.0.4-r0

Qualifiers

arch	x86_64
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.0.5-r0

Latest_non_vulnerable_version 5.0.4-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6pjd-r9ca-rbgg

vulnerability_id VCID-6pjd-r9ca-rbgg

summary An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

references

reference_url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

reference_id

powerdns-advisory-powerdns-2026-05.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:24:04Z/

url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

fixed_packages

url	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases CVE-2026-33611

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pjd-r9ca-rbgg

url VCID-6uz8-kz5m-8ya9

vulnerability_id VCID-6uz8-kz5m-8ya9

summary An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

references

reference_url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

reference_id

powerdns-advisory-powerdns-2026-05.html

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:28:03Z/

url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

fixed_packages

url	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases CVE-2026-33608

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6uz8-kz5m-8ya9

url VCID-chzq-qej6-rkdq

vulnerability_id VCID-chzq-qej6-rkdq

summary An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

references

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html

reference_id

powerdns-advisory-2026-05.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/

url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html

reference_url

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html

reference_id

powerdns-advisory-for-dnsdist-2026-04.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/

url

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases CVE-2026-33257

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chzq-qej6-rkdq

url VCID-g4df-vh2e-abch

vulnerability_id VCID-g4df-vh2e-abch

summary Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

references

reference_url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

reference_id

powerdns-advisory-powerdns-2026-05.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:26:43Z/

url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

fixed_packages

url	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases CVE-2026-33609

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4df-vh2e-abch

url VCID-pfhu-1qdf-p7d5

vulnerability_id VCID-pfhu-1qdf-p7d5

summary An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

references

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html

reference_id

powerdns-advisory-2026-05.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/

url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html

reference_url

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html

reference_id

powerdns-advisory-for-dnsdist-2026-04.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/

url

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases CVE-2026-33260

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pfhu-1qdf-p7d5

url VCID-xa6z-cw1x-7qba

vulnerability_id VCID-xa6z-cw1x-7qba

summary A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

references

reference_url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

reference_id

powerdns-advisory-powerdns-2026-05.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:25:29Z/

url

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

fixed_packages

url	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns@5.0.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases CVE-2026-33610

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa6z-cw1x-7qba

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns@5.0.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

Package Instance