Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/nova@18.2.1
Typepypi
Namespace
Namenova
Version18.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version19.3.1
Latest_non_vulnerable_version2015.1.2
Affected_by_vulnerabilities
0
url VCID-2ba7-wb9n-q3d8
vulnerability_id VCID-2ba7-wb9n-q3d8
summary An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2622
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2622
1
reference_url https://access.redhat.com/errata/RHSA-2019:2631
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2631
2
reference_url https://access.redhat.com/errata/RHSA-2019:2652
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2652
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
reference_id
reference_type
scores
0
value 0.01301
scoring_system epss
scoring_elements 0.80053
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
4
reference_url https://launchpad.net/bugs/1837877
reference_id
reference_type
scores
url https://launchpad.net/bugs/1837877
5
reference_url https://security.openstack.org/ossa/OSSA-2019-003.html
reference_id
reference_type
scores
url https://security.openstack.org/ossa/OSSA-2019-003.html
6
reference_url https://usn.ubuntu.com/4104-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4104-1/
7
reference_url http://www.openwall.com/lists/oss-security/2019/08/06/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/08/06/6
fixed_packages
0
url pkg:pypi/nova@18.2.2
purl pkg:pypi/nova@18.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ywya-kfum-mke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.2.2
1
url pkg:pypi/nova@19.0.2
purl pkg:pypi/nova@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ywya-kfum-mke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.0.2
aliases CVE-2019-14433, PYSEC-2019-191
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ba7-wb9n-q3d8
1
url VCID-ywya-kfum-mke1
vulnerability_id VCID-ywya-kfum-mke1
summary An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.60027
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
1
reference_url https://launchpad.net/bugs/1890501
reference_id
reference_type
scores
url https://launchpad.net/bugs/1890501
2
reference_url https://security.openstack.org/ossa/OSSA-2020-006.html
reference_id
reference_type
scores
url https://security.openstack.org/ossa/OSSA-2020-006.html
3
reference_url http://www.openwall.com/lists/oss-security/2020/08/25/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/08/25/4
fixed_packages
0
url pkg:pypi/nova@19.3.1
purl pkg:pypi/nova@19.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1
1
url pkg:pypi/nova@20.3.1
purl pkg:pypi/nova@20.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.3.1
2
url pkg:pypi/nova@21.1.0
purl pkg:pypi/nova@21.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.1.0
aliases CVE-2020-17376, PYSEC-2020-243
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywya-kfum-mke1
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.2.1