Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/17809?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/17809?format=api", "purl": "pkg:composer/contao/contao@4.9.6", "type": "composer", "namespace": "contao", "name": "contao", "version": "4.9.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.13.56", "latest_non_vulnerable_version": "5.6.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341907?format=api", "vulnerability_id": "VCID-3ryj-767z-87bq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66109", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66202", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66217", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66213", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37626" }, { "reference_url": "https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37626.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37626.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37626.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37626.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37626", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37626" }, { "reference_url": "https://github.com/advisories/GHSA-r6mv-ppjc-4hgr", "reference_id": "GHSA-r6mv-ppjc-4hgr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6mv-ppjc-4hgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382823?format=api", "purl": "pkg:composer/contao/contao@4.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-bzd7-n1ak-mug7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/382824?format=api", "purl": "pkg:composer/contao/contao@4.11.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.7" } ], "aliases": [ "CVE-2021-37626", "GHSA-r6mv-ppjc-4hgr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ryj-767z-87bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341214?format=api", "vulnerability_id": "VCID-apv4-1x4w-kkcg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58836", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58948", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58959", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58949", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35955" }, { "reference_url": "https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html" }, { "reference_url": "https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35955.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35955.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35955.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35955.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35955", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35955" }, { "reference_url": "https://github.com/advisories/GHSA-hr3h-x6gq-rqcp", "reference_id": "GHSA-hr3h-x6gq-rqcp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hr3h-x6gq-rqcp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382823?format=api", "purl": "pkg:composer/contao/contao@4.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-bzd7-n1ak-mug7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/382824?format=api", "purl": "pkg:composer/contao/contao@4.11.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.7" } ], "aliases": [ "CVE-2021-35955", "GHSA-hr3h-x6gq-rqcp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apv4-1x4w-kkcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40358?format=api", "vulnerability_id": "VCID-arpe-7th1-kuep", "summary": "Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57432", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5744", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57425", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57307", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45965" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb", "reference_id": "contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/" } ], "url": "https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb" }, { "reference_url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads", "reference_id": "cross-site-scripting-through-svg-uploads", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/" } ], "url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45965", "reference_id": "CVE-2024-45965", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45965" }, { "reference_url": "https://github.com/advisories/GHSA-mrw8-5368-phm3", "reference_id": "GHSA-mrw8-5368-phm3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mrw8-5368-phm3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/749651?format=api", "purl": "pkg:composer/contao/contao@5.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4s26-ndpg-jkcy" }, { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-bmg9-saw6-efhd" }, { "vulnerability": "VCID-w65y-66s4-qbgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.4.2" } ], "aliases": [ "CVE-2024-45965", "GHSA-mrw8-5368-phm3" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arpe-7th1-kuep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341908?format=api", "vulnerability_id": "VCID-baa6-3fxe-4udp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65807", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65903", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65916", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65912", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37627" }, { "reference_url": "https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37627", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37627" }, { "reference_url": "https://github.com/advisories/GHSA-hq5m-mqmx-fw6m", "reference_id": "GHSA-hq5m-mqmx-fw6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq5m-mqmx-fw6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382823?format=api", "purl": "pkg:composer/contao/contao@4.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-bzd7-n1ak-mug7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/382824?format=api", "purl": "pkg:composer/contao/contao@4.11.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.7" } ], "aliases": [ "CVE-2021-37627", "GHSA-hq5m-mqmx-fw6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-baa6-3fxe-4udp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140509?format=api", "vulnerability_id": "VCID-bzd7-n1ak-mug7", "summary": "Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69331", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69433", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69435", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00578", "scoring_system": "epss", "scoring_elements": "0.69422", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29200" }, { "reference_url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29200" }, { "reference_url": "https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df", "reference_id": "6f3e705f4ff23f4419563d09d8485793569f31df", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/" } ], "url": "https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df" }, { "reference_url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager", "reference_id": "directory-traversal-in-the-file-manager", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/" } ], "url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager" }, { "reference_url": "https://github.com/advisories/GHSA-fp7q-xhhw-6rj3", "reference_id": "GHSA-fp7q-xhhw-6rj3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fp7q-xhhw-6rj3" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3", "reference_id": "GHSA-fp7q-xhhw-6rj3", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/" } ], "url": "https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379536?format=api", "purl": "pkg:composer/contao/contao@4.9.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/379537?format=api", "purl": "pkg:composer/contao/contao@4.13.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.13.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/379538?format=api", "purl": "pkg:composer/contao/contao@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-bmg9-saw6-efhd" }, { "vulnerability": "VCID-w65y-66s4-qbgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.1.4" } ], "aliases": [ "CVE-2023-29200", "GHSA-fp7q-xhhw-6rj3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzd7-n1ak-mug7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341084?format=api", "vulnerability_id": "VCID-tsys-ek4k-z7aw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5933", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5944", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.59452", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.59443", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35210" }, { "reference_url": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-h58v-c6rf-g9f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao/security/advisories/GHSA-h58v-c6rf-g9f7" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35210.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35210.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35210.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35210.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35210", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35210" }, { "reference_url": "https://github.com/advisories/GHSA-h58v-c6rf-g9f7", "reference_id": "GHSA-h58v-c6rf-g9f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h58v-c6rf-g9f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383210?format=api", "purl": "pkg:composer/contao/contao@4.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ryj-767z-87bq" }, { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-apv4-1x4w-kkcg" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-baa6-3fxe-4udp" }, { "vulnerability": "VCID-bzd7-n1ak-mug7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/383211?format=api", "purl": "pkg:composer/contao/contao@4.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ryj-767z-87bq" }, { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-apv4-1x4w-kkcg" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-baa6-3fxe-4udp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.5" } ], "aliases": [ "CVE-2021-35210", "GHSA-h58v-c6rf-g9f7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tsys-ek4k-z7aw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206271?format=api", "vulnerability_id": "VCID-48eq-peme-jyh7", "summary": "Contao Insert tag injection in forms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54732", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54591", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54716", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25768" }, { "reference_url": "https://community.contao.org/en/forumdisplay.php?4-Announcements", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.contao.org/en/forumdisplay.php?4-Announcements" }, { "reference_url": "https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25768", "reference_id": "CVE-2020-25768", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25768" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2020-25768.yaml", "reference_id": "CVE-2020-25768.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2020-25768.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2020-25768.yaml", "reference_id": "CVE-2020-25768.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2020-25768.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-f7wm-x4gw-6m23", "reference_id": "GHSA-f7wm-x4gw-6m23", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7wm-x4gw-6m23" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-f7wm-x4gw-6m23", "reference_id": "GHSA-f7wm-x4gw-6m23", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/contao/contao/security/advisories/GHSA-f7wm-x4gw-6m23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17812?format=api", "purl": "pkg:composer/contao/contao@4.4.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ryj-767z-87bq" }, { "vulnerability": "VCID-apv4-1x4w-kkcg" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-baa6-3fxe-4udp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.4.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/17809?format=api", "purl": "pkg:composer/contao/contao@4.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ryj-767z-87bq" }, { "vulnerability": "VCID-apv4-1x4w-kkcg" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-baa6-3fxe-4udp" }, { "vulnerability": "VCID-bzd7-n1ak-mug7" }, { "vulnerability": "VCID-tsys-ek4k-z7aw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/469623?format=api", "purl": "pkg:composer/contao/contao@4.10.0-RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-arpe-7th1-kuep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.10.0-RC1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17808?format=api", "purl": "pkg:composer/contao/contao@4.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ryj-767z-87bq" }, { "vulnerability": "VCID-9fgc-p6aq-vygh" }, { "vulnerability": "VCID-apv4-1x4w-kkcg" }, { "vulnerability": "VCID-arpe-7th1-kuep" }, { "vulnerability": "VCID-baa6-3fxe-4udp" }, { "vulnerability": "VCID-tsys-ek4k-z7aw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.10.1" } ], "aliases": [ "CVE-2020-25768", "GHSA-f7wm-x4gw-6m23" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48eq-peme-jyh7" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.9.6" }