Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.grails/grails-core@2.5.4

Type maven

Namespace org.grails

Name grails-core

Version 2.5.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.3.6

Latest_non_vulnerable_version 6.1.0

Affected_by_vulnerabilities

url VCID-fbhx-m96w-6ycw

vulnerability_id VCID-fbhx-m96w-6ycw

summary

MITM vulnerability
Grails uses cleartext HTTP to resolve the SDKMan notification service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12728

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.35412
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12728

reference_url

https://github.com/grails/grails-core/issues/11250

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grails/grails-core/issues/11250

reference_url

https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12728

reference_id

CVE-2019-12728

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12728

fixed_packages

url	pkg:maven/org.grails/grails-core@3.3.10
purl	pkg:maven/org.grails/grails-core@3.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.10

aliases CVE-2019-12728, GHSA-pmxf-4v8c-rwr7

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbhx-m96w-6ycw

url VCID-km5j-a2bt-hfhq

vulnerability_id VCID-km5j-a2bt-hfhq

summary

Stored Cross Site Scripting in Grails Fields Plugin
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in using the display tag that can result in XSS. This vulnerability has been fixed in version 2.2.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000529

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.5728
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000529

reference_url

https://github.com/grails-fields-plugin/grails-fields

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grails-fields-plugin/grails-fields

reference_url

https://github.com/grails-fields-plugin/grails-fields/issues/278

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grails-fields-plugin/grails-fields/issues/278

reference_url

https://github.com/martinfrancois/CVE-2018-1000529

reference_id

CVE-2018-1000529

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/martinfrancois/CVE-2018-1000529

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000529

reference_id

CVE-2018-1000529

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000529

reference_url

https://github.com/advisories/GHSA-q25j-gcmv-5qpp

reference_id

GHSA-q25j-gcmv-5qpp

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-q25j-gcmv-5qpp

fixed_packages

url	pkg:maven/org.grails/grails-core@3.3.6
purl	pkg:maven/org.grails/grails-core@3.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.6

url	pkg:maven/org.grails/grails-core@3.3.10
purl	pkg:maven/org.grails/grails-core@3.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.10

aliases CVE-2018-1000529, GHSA-q25j-gcmv-5qpp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-km5j-a2bt-hfhq

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.5.4

Package Instance