Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/apr-util@1.2.7-7.el5_3?arch=1
Type rpm
Namespace redhat
Name apr-util
Version 1.2.7-7.el5_3
Qualifiers
arch 1
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-3kyb-4yvt-f7e1
vulnerability_id VCID-3kyb-4yvt-f7e1
summary A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-1955
reference_id
reference_type
scores
0
value 0.02329
scoring_system epss
scoring_elements 0.84846
published_at 2026-04-16T12:55:00Z
1
value 0.02329
scoring_system epss
scoring_elements 0.8475
published_at 2026-04-01T12:55:00Z
2
value 0.02329
scoring_system epss
scoring_elements 0.84765
published_at 2026-04-02T12:55:00Z
3
value 0.02329
scoring_system epss
scoring_elements 0.84784
published_at 2026-04-04T12:55:00Z
4
value 0.02329
scoring_system epss
scoring_elements 0.84785
published_at 2026-04-07T12:55:00Z
5
value 0.02329
scoring_system epss
scoring_elements 0.84808
published_at 2026-04-08T12:55:00Z
6
value 0.02329
scoring_system epss
scoring_elements 0.84814
published_at 2026-04-09T12:55:00Z
7
value 0.02329
scoring_system epss
scoring_elements 0.84833
published_at 2026-04-11T12:55:00Z
8
value 0.02329
scoring_system epss
scoring_elements 0.84829
published_at 2026-04-12T12:55:00Z
9
value 0.02329
scoring_system epss
scoring_elements 0.84824
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-1955
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=504555
reference_id 504555
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=504555
4
reference_url https://httpd.apache.org/security/json/CVE-2009-1955.json
reference_id CVE-2009-1955
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2009-1955.json
5
reference_url https://security.gentoo.org/glsa/200907-03
reference_id GLSA-200907-03
reference_type
scores
url https://security.gentoo.org/glsa/200907-03
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl
reference_id OSVDB-55057;CVE-2009-1955
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl
7
reference_url https://access.redhat.com/errata/RHSA-2009:1107
reference_id RHSA-2009:1107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1107
8
reference_url https://access.redhat.com/errata/RHSA-2009:1108
reference_id RHSA-2009:1108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1108
9
reference_url https://access.redhat.com/errata/RHSA-2009:1160
reference_id RHSA-2009:1160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1160
10
reference_url https://usn.ubuntu.com/786-1/
reference_id USN-786-1
reference_type
scores
url https://usn.ubuntu.com/786-1/
11
reference_url https://usn.ubuntu.com/787-1/
reference_id USN-787-1
reference_type
scores
url https://usn.ubuntu.com/787-1/
fixed_packages
aliases CVE-2009-1955
risk_score 9.6
exploitability 2.0
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyb-4yvt-f7e1
1
url VCID-7ftk-sajb-akh4
vulnerability_id VCID-7ftk-sajb-akh4
summary A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-0023
reference_id
reference_type
scores
0
value 0.14793
scoring_system epss
scoring_elements 0.94517
published_at 2026-04-16T12:55:00Z
1
value 0.14793
scoring_system epss
scoring_elements 0.94469
published_at 2026-04-01T12:55:00Z
2
value 0.14793
scoring_system epss
scoring_elements 0.94476
published_at 2026-04-02T12:55:00Z
3
value 0.14793
scoring_system epss
scoring_elements 0.94483
published_at 2026-04-04T12:55:00Z
4
value 0.14793
scoring_system epss
scoring_elements 0.94485
published_at 2026-04-07T12:55:00Z
5
value 0.14793
scoring_system epss
scoring_elements 0.94495
published_at 2026-04-08T12:55:00Z
6
value 0.14793
scoring_system epss
scoring_elements 0.94499
published_at 2026-04-09T12:55:00Z
7
value 0.14793
scoring_system epss
scoring_elements 0.94502
published_at 2026-04-11T12:55:00Z
8
value 0.14793
scoring_system epss
scoring_elements 0.94504
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-0023
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=503928
reference_id 503928
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=503928
4
reference_url https://httpd.apache.org/security/json/CVE-2009-0023.json
reference_id CVE-2009-0023
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2009-0023.json
5
reference_url https://security.gentoo.org/glsa/200907-03
reference_id GLSA-200907-03
reference_type
scores
url https://security.gentoo.org/glsa/200907-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:1107
reference_id RHSA-2009:1107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1107
7
reference_url https://access.redhat.com/errata/RHSA-2009:1108
reference_id RHSA-2009:1108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1108
8
reference_url https://access.redhat.com/errata/RHSA-2009:1160
reference_id RHSA-2009:1160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1160
9
reference_url https://usn.ubuntu.com/786-1/
reference_id USN-786-1
reference_type
scores
url https://usn.ubuntu.com/786-1/
10
reference_url https://usn.ubuntu.com/787-1/
reference_id USN-787-1
reference_type
scores
url https://usn.ubuntu.com/787-1/
fixed_packages
aliases CVE-2009-0023
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ftk-sajb-akh4
2
url VCID-pj4f-awuq-73g6
vulnerability_id VCID-pj4f-awuq-73g6
summary An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-1956
reference_id
reference_type
scores
0
value 0.05415
scoring_system epss
scoring_elements 0.90162
published_at 2026-04-16T12:55:00Z
1
value 0.05415
scoring_system epss
scoring_elements 0.90102
published_at 2026-04-01T12:55:00Z
2
value 0.05415
scoring_system epss
scoring_elements 0.90105
published_at 2026-04-02T12:55:00Z
3
value 0.05415
scoring_system epss
scoring_elements 0.90117
published_at 2026-04-04T12:55:00Z
4
value 0.05415
scoring_system epss
scoring_elements 0.90121
published_at 2026-04-07T12:55:00Z
5
value 0.05415
scoring_system epss
scoring_elements 0.90137
published_at 2026-04-08T12:55:00Z
6
value 0.05415
scoring_system epss
scoring_elements 0.90143
published_at 2026-04-09T12:55:00Z
7
value 0.05415
scoring_system epss
scoring_elements 0.90151
published_at 2026-04-11T12:55:00Z
8
value 0.05415
scoring_system epss
scoring_elements 0.9015
published_at 2026-04-12T12:55:00Z
9
value 0.05415
scoring_system epss
scoring_elements 0.90145
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-1956
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=504390
reference_id 504390
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=504390
4
reference_url https://httpd.apache.org/security/json/CVE-2009-1956.json
reference_id CVE-2009-1956
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2009-1956.json
5
reference_url https://security.gentoo.org/glsa/200907-03
reference_id GLSA-200907-03
reference_type
scores
url https://security.gentoo.org/glsa/200907-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:1107
reference_id RHSA-2009:1107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1107
7
reference_url https://access.redhat.com/errata/RHSA-2009:1108
reference_id RHSA-2009:1108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1108
8
reference_url https://usn.ubuntu.com/786-1/
reference_id USN-786-1
reference_type
scores
url https://usn.ubuntu.com/786-1/
9
reference_url https://usn.ubuntu.com/787-1/
reference_id USN-787-1
reference_type
scores
url https://usn.ubuntu.com/787-1/
fixed_packages
aliases CVE-2009-1956
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4f-awuq-73g6
Fixing_vulnerabilities
Risk_score 9.6
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/apr-util@1.2.7-7.el5_3%3Farch=1