Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/craftcms/cms@2.7.7
Typecomposer
Namespacecraftcms
Namecms
Version2.7.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.6.13
Latest_non_vulnerable_version5.9.18
Affected_by_vulnerabilities
0
url VCID-n1z8-7a8m-rfcc
vulnerability_id VCID-n1z8-7a8m-rfcc
summary 
Craft CMS Remote Code Injection
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27903
reference_id
reference_type
scores
0
value 0.03824
scoring_system epss
scoring_elements 0.8836
published_at 2026-06-05T12:55:00Z
1
value 0.03824
scoring_system epss
scoring_elements 0.88342
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27903
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
3
reference_url https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27903
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27903
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.7
purl pkg:composer/craftcms/cms@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nz6e-26rc-f3fa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.7
aliases CVE-2021-27903, GHSA-x2j7-6hxm-87p3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1z8-7a8m-rfcc
1
url VCID-nz6e-26rc-f3fa
vulnerability_id VCID-nz6e-26rc-f3fa
summary 
Cross-site Scripting
Craft CMS has an XSS vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32470
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.561
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32470
1
reference_url https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.6.13/CHANGELOG.md#security
2
reference_url https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32470
reference_id CVE-2021-32470
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32470
4
reference_url https://github.com/advisories/GHSA-h2rj-8wgg-mm43
reference_id GHSA-h2rj-8wgg-mm43
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h2rj-8wgg-mm43
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.13
purl pkg:composer/craftcms/cms@3.6.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.13
aliases CVE-2021-32470, GHSA-h2rj-8wgg-mm43
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nz6e-26rc-f3fa
2
url VCID-xc5n-1vqa-tqaz
vulnerability_id VCID-xc5n-1vqa-tqaz
summary 
Craft CMS Cross-site Scripting Vulnerability
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27902
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.62273
published_at 2026-06-05T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.62224
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27902
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
3
reference_url https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27902
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27902
fixed_packages
0
url pkg:composer/craftcms/cms@3.6.0
purl pkg:composer/craftcms/cms@3.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n1z8-7a8m-rfcc
1
vulnerability VCID-nz6e-26rc-f3fa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.6.0
aliases CVE-2021-27902, GHSA-3jxh-789f-p7m6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xc5n-1vqa-tqaz
3
url VCID-xv52-rc7v-yba8
vulnerability_id VCID-xv52-rc7v-yba8
summary 
Injection Vulnerability
The `SEOmatic` component for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the `metacontainers` controller.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
reference_id
reference_type
scores
0
value 0.94276
scoring_system epss
scoring_elements 0.99941
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
1
reference_url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
2
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
3
reference_url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
5
reference_url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
reference_id CVE-2020-9757
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
7
reference_url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
reference_id GHSA-6q4j-8pjm-5mgc
reference_type
scores
url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
fixed_packages
0
url pkg:composer/craftcms/cms@3.3.0
purl pkg:composer/craftcms/cms@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n1z8-7a8m-rfcc
1
vulnerability VCID-nz6e-26rc-f3fa
2
vulnerability VCID-xc5n-1vqa-tqaz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0
aliases CVE-2020-9757, GHSA-6q4j-8pjm-5mgc
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv52-rc7v-yba8
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.7.7