Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/fava@1.12
Type pypi
Namespace
Name fava
Version 1.12
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.22.3
Latest_non_vulnerable_version 1.22.3
Affected_by_vulnerabilities
0
url VCID-e3tw-125b-6ug2
vulnerability_id VCID-e3tw-125b-6ug2
summary The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
references
0
reference_url https://github.com/advisories/GHSA-xrf4-39fm-j5f2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xrf4-39fm-j5f2
1
reference_url https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
2
reference_url https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
fixed_packages
0
url pkg:pypi/fava@1.22
purl pkg:pypi/fava@1.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmpg-e4rn-5ffd
1
vulnerability VCID-x45u-rng5-n3dm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22
aliases CVE-2022-2514, GHSA-xrf4-39fm-j5f2, PYSEC-2022-239, PYSEC-2022-43182
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3tw-125b-6ug2
1
url VCID-nmpg-e4rn-5ffd
vulnerability_id VCID-nmpg-e4rn-5ffd
summary Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
references
0
reference_url https://github.com/advisories/GHSA-q8hg-3vqv-f8v3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-q8hg-3vqv-f8v3
1
reference_url https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
reference_id
reference_type
scores
url https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
2
reference_url https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
reference_id
reference_type
scores
url https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
fixed_packages
0
url pkg:pypi/fava@1.22.2
purl pkg:pypi/fava@1.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x45u-rng5-n3dm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.2
aliases CVE-2022-2523, GHSA-q8hg-3vqv-f8v3, PYSEC-2022-240
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmpg-e4rn-5ffd
2
url VCID-x45u-rng5-n3dm
vulnerability_id VCID-x45u-rng5-n3dm
summary Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
references
0
reference_url https://github.com/advisories/GHSA-6hcj-qrw3-m66q
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6hcj-qrw3-m66q
1
reference_url https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
reference_id
reference_type
scores
url https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
2
reference_url https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
reference_id
reference_type
scores
url https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
fixed_packages
0
url pkg:pypi/fava@1.22.3
purl pkg:pypi/fava@1.22.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.3
aliases CVE-2022-2589, GHSA-6hcj-qrw3-m66q, PYSEC-2022-246
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x45u-rng5-n3dm
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.12