Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/roundup@2.0.0a0

Type pypi

Namespace

Name roundup

Version 2.0.0a0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.0

Latest_non_vulnerable_version 2.5.0

Affected_by_vulnerabilities

url VCID-csmv-58s1-5bde

vulnerability_id VCID-csmv-58s1-5bde

summary Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10904

reference_id

reference_type

scores

value	0.00595
scoring_system	epss
scoring_elements	0.69649
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10904

reference_url	https://bugs.python.org/issue36391
reference_id
reference_type
scores
url	https://bugs.python.org/issue36391

reference_url

https://github.com/advisories/GHSA-926q-wxr6-3crq

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-926q-wxr6-3crq

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml

reference_url	https://github.com/python/bugs.python.org/issues/34
reference_id
reference_type
scores
url	https://github.com/python/bugs.python.org/issues/34

reference_url	https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url	https://github.com/roundup-tracker/roundup

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html

reference_url	https://pypi.org/project/roundup/2.0.0alpha0
reference_id
reference_type
scores
url	https://pypi.org/project/roundup/2.0.0alpha0

reference_url	https://www.openwall.com/lists/oss-security/2019/04/05/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2019/04/05/1

reference_url	http://www.openwall.com/lists/oss-security/2019/04/07/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/04/07/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-10904
reference_id	CVE-2019-10904
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-10904

fixed_packages

url pkg:pypi/roundup@2.0.0

purl pkg:pypi/roundup@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ntht-6gus-87cv

vulnerability	VCID-uk8q-2vzm-hbhu

vulnerability	VCID-wjqt-h4bh-gbgr

vulnerability	VCID-zk4h-xznt-n3c3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0

aliases CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csmv-58s1-5bde

url VCID-ntht-6gus-87cv

vulnerability_id VCID-ntht-6gus-87cv

summary In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53865

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38404
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53865

reference_url	https://www.roundup-tracker.org/docs/security.html
reference_id
reference_type
scores
url	https://www.roundup-tracker.org/docs/security.html

reference_url	https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
reference_id
reference_type
scores
url	https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865

fixed_packages

url	pkg:pypi/roundup@2.5.0
purl	pkg:pypi/roundup@2.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.5.0

aliases CVE-2025-53865, PYSEC-2025-69

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntht-6gus-87cv

url VCID-uk8q-2vzm-hbhu

vulnerability_id VCID-uk8q-2vzm-hbhu

summary Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39126

reference_id

reference_type

scores

value	0.00927
scoring_system	epss
scoring_elements	0.76407
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39126

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml

reference_url	https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
url	https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631

reference_url	https://www.roundup-tracker.org
reference_id
reference_type
scores
url	https://www.roundup-tracker.org

reference_url	https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url	https://www.roundup-tracker.org/docs/security.html#cve-announcements

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-39126
reference_id	CVE-2024-39126
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-39126

reference_url

https://github.com/advisories/GHSA-x37x-qf4v-f54f

reference_id

GHSA-x37x-qf4v-f54f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x37x-qf4v-f54f

fixed_packages

url pkg:pypi/roundup@2.4.0

purl pkg:pypi/roundup@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ntht-6gus-87cv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0

aliases CVE-2024-39126, GHSA-x37x-qf4v-f54f, PYSEC-2024-65

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk8q-2vzm-hbhu

url VCID-wjqt-h4bh-gbgr

vulnerability_id VCID-wjqt-h4bh-gbgr

summary In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39124

reference_id

reference_type

scores

value	0.00729
scoring_system	epss
scoring_elements	0.7297
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39124

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml

reference_url	https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
url	https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631

reference_url	https://www.roundup-tracker.org
reference_id
reference_type
scores
url	https://www.roundup-tracker.org

reference_url	https://www.roundup-tracker.org/
reference_id
reference_type
scores
url	https://www.roundup-tracker.org/

reference_url	https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url	https://www.roundup-tracker.org/docs/security.html#cve-announcements

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-39124
reference_id	CVE-2024-39124
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-39124

reference_url

https://github.com/advisories/GHSA-w8vc-cwv9-wx67

reference_id

GHSA-w8vc-cwv9-wx67

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w8vc-cwv9-wx67

fixed_packages

url pkg:pypi/roundup@2.4.0

purl pkg:pypi/roundup@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ntht-6gus-87cv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0

aliases CVE-2024-39124, GHSA-w8vc-cwv9-wx67, PYSEC-2024-63

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjqt-h4bh-gbgr

url VCID-zk4h-xznt-n3c3

vulnerability_id VCID-zk4h-xznt-n3c3

summary Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39125

reference_id

reference_type

scores

value	0.00729
scoring_system	epss
scoring_elements	0.7297
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39125

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml

reference_url	https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
url	https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631

reference_url	https://www.roundup-tracker.org
reference_id
reference_type
scores
url	https://www.roundup-tracker.org

reference_url	https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url	https://www.roundup-tracker.org/docs/security.html#cve-announcements

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-39125
reference_id	CVE-2024-39125
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-39125

reference_url

https://github.com/advisories/GHSA-xjgw-ghrx-wfff

reference_id

GHSA-xjgw-ghrx-wfff

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xjgw-ghrx-wfff

fixed_packages

url pkg:pypi/roundup@2.4.0

purl pkg:pypi/roundup@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ntht-6gus-87cv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0

aliases CVE-2024-39125, GHSA-xjgw-ghrx-wfff, PYSEC-2024-64

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zk4h-xznt-n3c3

Fixing_vulnerabilities

url VCID-csmv-58s1-5bde

vulnerability_id VCID-csmv-58s1-5bde

summary Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10904

reference_id

reference_type

scores

value	0.00595
scoring_system	epss
scoring_elements	0.69649
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10904

reference_url	https://bugs.python.org/issue36391
reference_id
reference_type
scores
url	https://bugs.python.org/issue36391

reference_url

https://github.com/advisories/GHSA-926q-wxr6-3crq

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-926q-wxr6-3crq

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml

reference_url	https://github.com/python/bugs.python.org/issues/34
reference_id
reference_type
scores
url	https://github.com/python/bugs.python.org/issues/34

reference_url	https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url	https://github.com/roundup-tracker/roundup

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html

reference_url	https://pypi.org/project/roundup/2.0.0alpha0
reference_id
reference_type
scores
url	https://pypi.org/project/roundup/2.0.0alpha0

reference_url	https://www.openwall.com/lists/oss-security/2019/04/05/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2019/04/05/1

reference_url	http://www.openwall.com/lists/oss-security/2019/04/07/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/04/07/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-10904
reference_id	CVE-2019-10904
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-10904

fixed_packages

url pkg:pypi/roundup@2.0.0a0

purl pkg:pypi/roundup@2.0.0a0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-csmv-58s1-5bde

vulnerability	VCID-ntht-6gus-87cv

vulnerability	VCID-uk8q-2vzm-hbhu

vulnerability	VCID-wjqt-h4bh-gbgr

vulnerability	VCID-zk4h-xznt-n3c3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0a0

url pkg:pypi/roundup@2.0.0

purl pkg:pypi/roundup@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ntht-6gus-87cv

vulnerability	VCID-uk8q-2vzm-hbhu

vulnerability	VCID-wjqt-h4bh-gbgr

vulnerability	VCID-zk4h-xznt-n3c3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0

aliases CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csmv-58s1-5bde

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0a0

Package Instance