Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/xmlsec1@1.2.14-1.1?distro=trixie

Type deb

Namespace debian

Name xmlsec1

Version 1.2.14-1.1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.24-1

Latest_non_vulnerable_version 1.3.10-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-be4a-5sff-u3ac

vulnerability_id VCID-be4a-5sff-u3ac

summary xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1425.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1425.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1425

reference_id

reference_type

scores

value	0.0931
scoring_system	epss
scoring_elements	0.92904
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1425

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620560
reference_id	620560
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620560

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=692133
reference_id	692133
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=692133

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17993.rb
reference_id	CVE-2011-1774;OSVDB-74017;CVE-2011-1425;OSVDB-72303
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17993.rb

reference_url	https://security.gentoo.org/glsa/201412-09
reference_id	GLSA-201412-09
reference_type
scores
url	https://security.gentoo.org/glsa/201412-09

reference_url	https://access.redhat.com/errata/RHSA-2011:0486
reference_id	RHSA-2011:0486
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:0486

fixed_packages

url	pkg:deb/debian/xmlsec1@1.2.14-1.1?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.14-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.14-1.1%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.31-1%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.37-2%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.41-1%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.3.10-2?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.3.10-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.10-2%3Fdistro=trixie

aliases CVE-2011-1425

risk_score 0.2

exploitability 2.0

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be4a-5sff-u3ac

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.14-1.1%3Fdistro=trixie

Package Instance