Lookup for vulnerable packages by Package URL.

Purl pkg:composer/nystudio107/craft-seomatic@3.0.0-beta.23
Type composer
Namespace nystudio107
Name craft-seomatic
Version 3.0.0-beta.23
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.4.13
Latest_non_vulnerable_version 3.4.13
Affected_by_vulnerabilities
0
url VCID-fckq-tjnx-ubhm
vulnerability_id VCID-fckq-tjnx-ubhm
summary
Injection Vulnerability
In the SEOmatic plugin for Craft CMS, `helpers/DynamicMeta.php` does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12790
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64375
published_at 2026-06-05T12:55:00Z
1
value 0.00458
scoring_system epss
scoring_elements 0.6433
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12790
1
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
2
reference_url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md#3249---20200324
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md#3249---20200324
3
reference_url https://github.com/nystudio107/craft-seomatic/commit/82f4a25b28fd622393da6592dc9e5ccee7fc5be3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/82f4a25b28fd622393da6592dc9e5ccee7fc5be3
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/82f4a25b28fd622393da6592dc9e5ccee7fc5be3#diff-52fd042c50432133a00a8f840f4a6165
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/82f4a25b28fd622393da6592dc9e5ccee7fc5be3#diff-52fd042c50432133a00a8f840f4a6165
5
reference_url https://github.com/nystudio107/craft-seomatic/releases/tag/3.2.49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/releases/tag/3.2.49
6
reference_url https://isec.pl/en/vulnerabilities/isec-0028-seomatic-ssti-23032020.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://isec.pl/en/vulnerabilities/isec-0028-seomatic-ssti-23032020.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12790
reference_id CVE-2020-12790
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12790
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.2.49
purl pkg:composer/nystudio107/craft-seomatic@3.2.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjyr-4hen-gbhm
1
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.2.49
aliases CVE-2020-12790, GHSA-23q7-59jj-2pj4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fckq-tjnx-ubhm
1
url VCID-qjyr-4hen-gbhm
vulnerability_id VCID-qjyr-4hen-gbhm
summary
Code Injection in SEOmatic
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41749
reference_id
reference_type
scores
0
value 0.85815
scoring_system epss
scoring_elements 0.99398
published_at 2026-06-04T12:55:00Z
1
value 0.85815
scoring_system epss
scoring_elements 0.99399
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41749
1
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
2
reference_url https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md
3
reference_url https://github.com/nystudio107/craft-seomatic/commit/3fee7d50147cdf3f999cfc1e04cbc3fb3d9f2f7d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/3fee7d50147cdf3f999cfc1e04cbc3fb3d9f2f7d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41749
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41749
5
reference_url https://github.com/advisories/GHSA-g7xr-v82w-qggq
reference_id GHSA-g7xr-v82w-qggq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g7xr-v82w-qggq
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.4.11
purl pkg:composer/nystudio107/craft-seomatic@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjyr-4hen-gbhm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.11
1
url pkg:composer/nystudio107/craft-seomatic@3.4.12
purl pkg:composer/nystudio107/craft-seomatic@3.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pnen-ufkp-pqct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.12
aliases CVE-2021-41749, GHSA-g7xr-v82w-qggq
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjyr-4hen-gbhm
2
url VCID-xf4e-31e2-5yd4
vulnerability_id VCID-xf4e-31e2-5yd4
summary
Injection Vulnerability
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
references
0
reference_url http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic
1
reference_url http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
reference_id
reference_type
scores
url http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14716
reference_id
reference_type
scores
0
value 0.60612
scoring_system epss
scoring_elements 0.98318
published_at 2026-06-05T12:55:00Z
1
value 0.60612
scoring_system epss
scoring_elements 0.98315
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14716
3
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
5
reference_url https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
6
reference_url https://twitter.com/nystudio107/status/1021847835418009605
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://twitter.com/nystudio107/status/1021847835418009605
7
reference_url https://twitter.com/nystudio107/status/1021855169515057152
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://twitter.com/nystudio107/status/1021855169515057152
8
reference_url https://www.exploit-db.com/exploits/45108
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45108
9
reference_url https://www.exploit-db.com/exploits/45108/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45108/
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/45108.txt
reference_id CVE-2018-14716
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/45108.txt
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14716
reference_id CVE-2018-14716
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14716
12
reference_url https://github.com/advisories/GHSA-6j9m-rp7m-3gfg
reference_id GHSA-6j9m-rp7m-3gfg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6j9m-rp7m-3gfg
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.1.4
purl pkg:composer/nystudio107/craft-seomatic@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fckq-tjnx-ubhm
1
vulnerability VCID-qjyr-4hen-gbhm
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.1.4
aliases CVE-2018-14716, GHSA-6j9m-rp7m-3gfg
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xf4e-31e2-5yd4
3
url VCID-xv52-rc7v-yba8
vulnerability_id VCID-xv52-rc7v-yba8
summary
Injection Vulnerability
The `SEOmatic` component for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the `metacontainers` controller.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
reference_id
reference_type
scores
0
value 0.94276
scoring_system epss
scoring_elements 0.99941
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
1
reference_url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
2
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
3
reference_url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
5
reference_url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
reference_id CVE-2020-9757
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
7
reference_url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
reference_id GHSA-6q4j-8pjm-5mgc
reference_type
scores
url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.3.0
purl pkg:composer/nystudio107/craft-seomatic@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjyr-4hen-gbhm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.3.0
aliases CVE-2020-9757, GHSA-6q4j-8pjm-5mgc
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv52-rc7v-yba8
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.0.0-beta.23