Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/26570?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/26570?format=api", "purl": "pkg:pypi/calibreweb@0.6.14", "type": "pypi", "namespace": "", "name": "calibreweb", "version": "0.6.14", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57709?format=api", "vulnerability_id": "VCID-4xd2-y3tq-ckh8", "summary": "Calibre Web and Autocaliweb have OS Command Injection vulnerability\nImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.8514", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.85139", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7404" }, { "reference_url": "https://fluidattacks.com/advisories/kino", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/" } ], "url": "https://fluidattacks.com/advisories/kino" }, { "reference_url": "https://github.com/gelbphoenix/autocaliweb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/" } ], "url": "https://github.com/gelbphoenix/autocaliweb" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7404", "reference_id": "CVE-2025-7404", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7404" }, { "reference_url": "https://github.com/advisories/GHSA-qc4j-v7h6-xr5h", "reference_id": "GHSA-qc4j-v7h6-xr5h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qc4j-v7h6-xr5h" } ], "fixed_packages": [], "aliases": [ "CVE-2025-7404", "GHSA-qc4j-v7h6-xr5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xd2-y3tq-ckh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35974?format=api", "vulnerability_id": "VCID-6z85-9d5x-nyaq", "summary": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5515", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55207", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55209", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55187", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0352" }, { "reference_url": "https://github.com/advisories/GHSA-h56g-v4vp-q9q6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h56g-v4vp-q9q6" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-18.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-18.yaml" }, { "reference_url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0352", "reference_id": "CVE-2022-0352", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0352" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26572?format=api", "purl": "pkg:pypi/calibreweb@0.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.16" } ], "aliases": [ "CVE-2022-0352", "GHSA-h56g-v4vp-q9q6", "PYSEC-2022-18" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6z85-9d5x-nyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35975?format=api", "vulnerability_id": "VCID-9jsz-tc58-2ud8", "summary": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47956", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48006", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48024", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4802", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47976", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0339" }, { "reference_url": "https://github.com/advisories/GHSA-4w8p-x6g8-fv64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4w8p-x6g8-fv64" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/35f6f4c727c887f8f3607fe3233dbc1980d15020", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/35f6f4c727c887f8f3607fe3233dbc1980d15020" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92" }, { "reference_url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.16" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-23.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-23.yaml" }, { "reference_url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0339", "reference_id": "CVE-2022-0339", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26572?format=api", "purl": "pkg:pypi/calibreweb@0.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.16" } ], "aliases": [ "CVE-2022-0339", "GHSA-4w8p-x6g8-fv64", "PYSEC-2022-23" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jsz-tc58-2ud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35976?format=api", "vulnerability_id": "VCID-am1q-9mhn-c7fr", "summary": "Improper Access Control in Pypi calibreweb prior to 0.6.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3251", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3248", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32512", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3255", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32582", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0273" }, { "reference_url": "https://github.com/advisories/GHSA-vgmw-9cww-qq99", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vgmw-9cww-qq99" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-22.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-22.yaml" }, { "reference_url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0273", "reference_id": "CVE-2022-0273", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26572?format=api", "purl": "pkg:pypi/calibreweb@0.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.16" } ], "aliases": [ "CVE-2022-0273", "GHSA-vgmw-9cww-qq99", "PYSEC-2022-22" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am1q-9mhn-c7fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44956?format=api", "vulnerability_id": "VCID-bkzx-fvcv-t3g8", "summary": "Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58297", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58279", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58295", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58305", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2106" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T15:32:47Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e" }, { "reference_url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T15:32:47Z/" } ], "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2106", "reference_id": "CVE-2023-2106", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2106" }, { "reference_url": "https://github.com/advisories/GHSA-mhmp-m6g7-7c24", "reference_id": "GHSA-mhmp-m6g7-7c24", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhmp-m6g7-7c24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64720?format=api", "purl": "pkg:pypi/calibreweb@0.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-m8wg-f36t-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.20" } ], "aliases": [ "CVE-2023-2106", "GHSA-mhmp-m6g7-7c24" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkzx-fvcv-t3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56212?format=api", "vulnerability_id": "VCID-c5yg-2q1m-qkf6", "summary": "Improper Access Control in janeczku/calibre-web\nAn improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28706", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28735", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28807", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28774", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28739", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3987" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/bcdc97641447965af486964537f3821f47b28874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:27:02Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/bcdc97641447965af486964537f3821f47b28874" }, { "reference_url": "https://huntr.com/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:27:02Z/" } ], "url": "https://huntr.com/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3987", "reference_id": "CVE-2021-3987", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3987" }, { "reference_url": "https://github.com/advisories/GHSA-fj5v-w2jp-wqvj", "reference_id": "GHSA-fj5v-w2jp-wqvj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fj5v-w2jp-wqvj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26571?format=api", "purl": "pkg:pypi/calibreweb@0.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-6z85-9d5x-nyaq" }, { "vulnerability": "VCID-9jsz-tc58-2ud8" }, { "vulnerability": "VCID-am1q-9mhn-c7fr" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15" } ], "aliases": [ "CVE-2021-3987", "GHSA-fj5v-w2jp-wqvj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5yg-2q1m-qkf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42596?format=api", "vulnerability_id": "VCID-g6g1-rcqv-wkdj", "summary": "Server-Side Request Forgery in calibreweb\nServer-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41532", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4147", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41502", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4145", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41525", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0767" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8" }, { "reference_url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0767", "reference_id": "CVE-2022-0767", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0767" }, { "reference_url": "https://github.com/advisories/GHSA-h65g-jfqg-2w6m", "reference_id": "GHSA-h65g-jfqg-2w6m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h65g-jfqg-2w6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60912?format=api", "purl": "pkg:pypi/calibreweb@0.6.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17" } ], "aliases": [ "CVE-2022-0767", "GHSA-h65g-jfqg-2w6m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6g1-rcqv-wkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49323?format=api", "vulnerability_id": "VCID-gb1g-yf4f-tygr", "summary": "Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation\nA Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09226", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09149", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09207", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65858" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65858", "reference_id": "CVE-2025-65858", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65858" }, { "reference_url": "https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md", "reference_id": "CVE-2025-65858.MD", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:12:45Z/" } ], "url": "https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md" }, { "reference_url": "https://github.com/advisories/GHSA-pc5g-j9j7-p4q3", "reference_id": "GHSA-pc5g-j9j7-p4q3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc5g-j9j7-p4q3" } ], "fixed_packages": [], "aliases": [ "CVE-2025-65858", "GHSA-pc5g-j9j7-p4q3" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb1g-yf4f-tygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57708?format=api", "vulnerability_id": "VCID-gwc3-dztv-37dw", "summary": "Calibre Web and Autocaliweb have a ReDoS vulnerability\nReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42311", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42247", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42283", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.423", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6998" }, { "reference_url": "https://fluidattacks.com/advisories/megadeth", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/" } ], "url": "https://fluidattacks.com/advisories/megadeth" }, { "reference_url": "https://github.com/gelbphoenix/autocaliweb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/" } ], "url": "https://github.com/gelbphoenix/autocaliweb" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6998", "reference_id": "CVE-2025-6998", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6998" }, { "reference_url": "https://github.com/advisories/GHSA-2g7m-ph9x-7q7m", "reference_id": "GHSA-2g7m-ph9x-7q7m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2g7m-ph9x-7q7m" } ], "fixed_packages": [], "aliases": [ "CVE-2025-6998", "GHSA-2g7m-ph9x-7q7m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwc3-dztv-37dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56213?format=api", "vulnerability_id": "VCID-hsbf-rfcu-qyaq", "summary": "Generation of Error Message Containing Sensitive Information in janeczku/calibre-web\nA vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42035", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42046", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42018", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3986" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:30:20Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548" }, { "reference_url": "https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:30:20Z/" } ], "url": "https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3986", "reference_id": "CVE-2021-3986", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3986" }, { "reference_url": "https://github.com/advisories/GHSA-m982-h4f8-g4hf", "reference_id": "GHSA-m982-h4f8-g4hf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m982-h4f8-g4hf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26571?format=api", "purl": "pkg:pypi/calibreweb@0.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-6z85-9d5x-nyaq" }, { "vulnerability": "VCID-9jsz-tc58-2ud8" }, { "vulnerability": "VCID-am1q-9mhn-c7fr" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15" } ], "aliases": [ "CVE-2021-3986", "GHSA-m982-h4f8-g4hf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsbf-rfcu-qyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111589?format=api", "vulnerability_id": "VCID-jcpd-2fkh-mkc1", "summary": "SQL injection in calibreweb\nCalibre-Web before 0.6.18 allows user table SQL Injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50051", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50078", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50106", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50113", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30765" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md" }, { "reference_url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30765", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30765" }, { "reference_url": "https://github.com/advisories/GHSA-8ppf-x4gr-2x7g", "reference_id": "GHSA-8ppf-x4gr-2x7g", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8ppf-x4gr-2x7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153106?format=api", "purl": "pkg:pypi/calibreweb@0.6.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.18" } ], "aliases": [ "CVE-2022-30765", "GHSA-8ppf-x4gr-2x7g" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jcpd-2fkh-mkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42595?format=api", "vulnerability_id": "VCID-kekh-f74c-m7bt", "summary": "Server-Side Request Forgery in calibreweb\nServer-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52542", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52563", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52591", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5261", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0766" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8" }, { "reference_url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0766", "reference_id": "CVE-2022-0766", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0766" }, { "reference_url": "https://github.com/advisories/GHSA-2647-c639-qv2j", "reference_id": "GHSA-2647-c639-qv2j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2647-c639-qv2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60912?format=api", "purl": "pkg:pypi/calibreweb@0.6.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17" } ], "aliases": [ "CVE-2022-0766", "GHSA-2647-c639-qv2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kekh-f74c-m7bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42162?format=api", "vulnerability_id": "VCID-kswt-bt4h-nbdf", "summary": "calibre-web is vulnerable to Business Logic Errors", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63576", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63556", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63567", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63526", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63568", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4171" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce" }, { "reference_url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4171", "reference_id": "CVE-2021-4171", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4171" }, { "reference_url": "https://github.com/advisories/GHSA-xp7p-3gx7-j6wx", "reference_id": "GHSA-xp7p-3gx7-j6wx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xp7p-3gx7-j6wx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26571?format=api", "purl": "pkg:pypi/calibreweb@0.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-6z85-9d5x-nyaq" }, { "vulnerability": "VCID-9jsz-tc58-2ud8" }, { "vulnerability": "VCID-am1q-9mhn-c7fr" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15" } ], "aliases": [ "CVE-2021-4171", "GHSA-xp7p-3gx7-j6wx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kswt-bt4h-nbdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55546?format=api", "vulnerability_id": "VCID-m8wg-f36t-pygt", "summary": "Calibre-Web Cross Site Scripting (XSS)\nIn janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16445", "scoring_system": "epss", "scoring_elements": "0.95016", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.16445", "scoring_system": "epss", "scoring_elements": "0.95014", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.16445", "scoring_system": "epss", "scoring_elements": "0.95013", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39123" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123", "reference_id": "CVE-2024-39123", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T15:47:04Z/" } ], "url": "https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39123", "reference_id": "CVE-2024-39123", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39123" }, { "reference_url": "https://github.com/advisories/GHSA-j22r-3rf3-cv25", "reference_id": "GHSA-j22r-3rf3-cv25", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j22r-3rf3-cv25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/752005?format=api", "purl": "pkg:pypi/calibreweb@0.6.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.22" } ], "aliases": [ "CVE-2024-39123", "GHSA-j22r-3rf3-cv25" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8wg-f36t-pygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42122?format=api", "vulnerability_id": "VCID-mayx-3wtu-nkbp", "summary": "calibre-web is vulnerable to Cross-site Scripting\ncalibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51897", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51865", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51917", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51908", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51849", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4170" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5" }, { "reference_url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4170", "reference_id": "CVE-2021-4170", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4170" }, { "reference_url": "https://github.com/advisories/GHSA-wrp6-9w7f-3wxg", "reference_id": "GHSA-wrp6-9w7f-3wxg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrp6-9w7f-3wxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26571?format=api", "purl": "pkg:pypi/calibreweb@0.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-6z85-9d5x-nyaq" }, { "vulnerability": "VCID-9jsz-tc58-2ud8" }, { "vulnerability": "VCID-am1q-9mhn-c7fr" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15" } ], "aliases": [ "CVE-2021-4170", "GHSA-wrp6-9w7f-3wxg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mayx-3wtu-nkbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44955?format=api", "vulnerability_id": "VCID-s28v-vbvy-3bgb", "summary": "Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57887", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57863", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57825", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57876", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57878", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2525" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:02:14Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e" }, { "reference_url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:02:14Z/" } ], "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2525", "reference_id": "CVE-2022-2525", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2525" }, { "reference_url": "https://github.com/advisories/GHSA-jg8w-wgx2-g7q4", "reference_id": "GHSA-jg8w-wgx2-g7q4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jg8w-wgx2-g7q4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64720?format=api", "purl": "pkg:pypi/calibreweb@0.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-m8wg-f36t-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.20" } ], "aliases": [ "CVE-2022-2525", "GHSA-jg8w-wgx2-g7q4" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s28v-vbvy-3bgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42123?format=api", "vulnerability_id": "VCID-xmnj-teby-fygk", "summary": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33038", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32969", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3292", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4164" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30" }, { "reference_url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4164", "reference_id": "CVE-2021-4164", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4164" }, { "reference_url": "https://github.com/advisories/GHSA-wxr6-29pv-ch68", "reference_id": "GHSA-wxr6-29pv-ch68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxr6-29pv-ch68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26571?format=api", "purl": "pkg:pypi/calibreweb@0.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-6z85-9d5x-nyaq" }, { "vulnerability": "VCID-9jsz-tc58-2ud8" }, { "vulnerability": "VCID-am1q-9mhn-c7fr" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15" } ], "aliases": [ "CVE-2021-4164", "GHSA-wxr6-29pv-ch68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmnj-teby-fygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56205?format=api", "vulnerability_id": "VCID-y3wa-7wgk-3khp", "summary": "Cross-site Scripting (XSS) - DOM in janeczku/calibre-web\nA Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47015", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46994", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47062", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47044", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3988" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:31:41Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5" }, { "reference_url": "https://huntr.com/bounties/fa4c8fd1-7846-4dad-9112-2c07461f0609", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:31:41Z/" } ], "url": "https://huntr.com/bounties/fa4c8fd1-7846-4dad-9112-2c07461f0609" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3988", "reference_id": "CVE-2021-3988", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3988" }, { "reference_url": "https://github.com/advisories/GHSA-r735-9gc6-2hvq", "reference_id": "GHSA-r735-9gc6-2hvq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r735-9gc6-2hvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26571?format=api", "purl": "pkg:pypi/calibreweb@0.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-6z85-9d5x-nyaq" }, { "vulnerability": "VCID-9jsz-tc58-2ud8" }, { "vulnerability": "VCID-am1q-9mhn-c7fr" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-g6g1-rcqv-wkdj" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-kekh-f74c-m7bt" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15" } ], "aliases": [ "CVE-2021-3988", "GHSA-r735-9gc6-2hvq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3wa-7wgk-3khp" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.14" }