Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/tfm-rubygem-journald-logger@2.0.4-1?arch=el7sat

Type rpm

Namespace redhat

Name tfm-rubygem-journald-logger

Version 2.0.4-1

Qualifiers

arch	el7sat

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-3hfs-cds8-yfcb

vulnerability_id VCID-3hfs-cds8-yfcb

summary foreman: stored XSS in success notification after entity creation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16861.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16861.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16861

reference_id

reference_type

scores

value	0.00388
scoring_system	epss
scoring_elements	0.60144
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16861

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1645201
reference_id	1645201
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1645201

fixed_packages

aliases CVE-2018-16861

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hfs-cds8-yfcb

url VCID-76qp-dybj-5qg6

vulnerability_id VCID-76qp-dybj-5qg6

summary katello: stored XSS in subscriptions and repositories pages

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1222

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1222

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16887

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57333
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16887

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887

reference_url

https://github.com/Katello/katello

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-16887.yml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-16887.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16887

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16887

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1645190
reference_id	1645190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1645190

fixed_packages

aliases CVE-2018-16887, GHSA-mhhc-r88h-2qrm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76qp-dybj-5qg6

url VCID-8z4k-h7jg-tyc7

vulnerability_id VCID-8z4k-h7jg-tyc7

summary foreman: Persisted XSS on all pages that use breadcrumbs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14664.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14664.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14664

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.52718
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14664

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1638130
reference_id	1638130
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1638130

fixed_packages

aliases CVE-2018-14664

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8z4k-h7jg-tyc7

url VCID-k8fr-uh4b-gqge

vulnerability_id VCID-k8fr-uh4b-gqge

summary

Withdrawn Advisory: Pulp Improper Path Parsing
## Withdrawn Advisory
This advisory has been withdrawn because the package [pulpcore](https://pypi.org/project/pulpcore/) deals with pulp 3 only. This advisory concerns [pulp 2](https://github.com/pulp/pulp), which is not in a [supported ecosystem](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems).

## Original Description
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.

references

reference_url

https://access.redhat.com/errata/RHEA-2019:1283

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHEA-2019:1283

reference_url

https://access.redhat.com/errata/RHSA-2019:1222

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1222

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10917.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10917.json

reference_url

https://access.redhat.com/security/cve/CVE-2018-10917

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2018-10917

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10917

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50708
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10917

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1598928

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1598928

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-10917

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10917

reference_url	https://github.com/advisories/GHSA-574p-6fw4-4hw8
reference_id	GHSA-574p-6fw4-4hw8
reference_type
scores
url	https://github.com/advisories/GHSA-574p-6fw4-4hw8

fixed_packages

aliases CVE-2018-10917, GHSA-574p-6fw4-4hw8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8fr-uh4b-gqge

url VCID-nbhp-uypk-h7g2

vulnerability_id VCID-nbhp-uypk-h7g2

summary

Denial of service in JBoss resteasy
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6346

reference_id

reference_type

scores

value	0.01184
scoring_system	epss
scoring_elements	0.79084
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6346

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1372120

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1372120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346

reference_url

https://github.com/resteasy/Resteasy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy

reference_url

https://github.com/resteasy/resteasy/pull/1303

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/resteasy/pull/1303

reference_url

https://issues.jboss.org/browse/JBEAP-11180

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/JBEAP-11180

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6346

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6346

reference_url

http://www.securityfocus.com/bid/92744

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92744

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170
reference_id	837170
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170

reference_url	https://access.redhat.com/errata/RHSA-2017:0517
reference_id	RHSA-2017:0517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0517

reference_url	https://access.redhat.com/errata/RHSA-2017:0826
reference_id	RHSA-2017:0826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0826

reference_url	https://access.redhat.com/errata/RHSA-2017:0827
reference_id	RHSA-2017:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0827

reference_url	https://access.redhat.com/errata/RHSA-2017:0828
reference_id	RHSA-2017:0828
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0828

reference_url	https://access.redhat.com/errata/RHSA-2017:0829
reference_id	RHSA-2017:0829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0829

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

aliases CVE-2016-6346, GHSA-wxvr-vqfp-9cqw

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbhp-uypk-h7g2

url VCID-ytwt-s1qe-u3am

vulnerability_id VCID-ytwt-s1qe-u3am

summary candlepin: credentials exposure through log files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3891.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3891.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3891

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.1319
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3891

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693867
reference_id	1693867
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693867

fixed_packages

aliases CVE-2019-3891

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytwt-s1qe-u3am

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-journald-logger@2.0.4-1%3Farch=el7sat

Package Instance