Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
Typeapk
Namespacealpine
Nameopenbao
Version2.5.4-r0
Qualifiers
arch x86
distroversion edge
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-86qx-5ye9-eucf
vulnerability_id VCID-86qx-5ye9-eucf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40264
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15815
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40264
1
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
2
reference_url https://github.com/openbao/openbao/commit/059cc5950303688335d5c8ab9af8e453795d693a
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/059cc5950303688335d5c8ab9af8e453795d693a
3
reference_url https://github.com/openbao/openbao/pull/2934
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/2934
4
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.3
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.3
5
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-p49j-v9wc-wg57
reference_id
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:30:42Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-p49j-v9wc-wg57
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40264
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40264
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=x86&distroversion=edge&reponame=community
aliases CVE-2026-40264, GHSA-p49j-v9wc-wg57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86qx-5ye9-eucf
1
url VCID-9wmq-8qgw-cke7
vulnerability_id VCID-9wmq-8qgw-cke7
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39388
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.0627
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39388
1
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
2
reference_url https://github.com/openbao/openbao/commit/9ab7a066826cc544c30e8b203f8f472076f366e1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/9ab7a066826cc544c30e8b203f8f472076f366e1
3
reference_url https://github.com/openbao/openbao/pull/2932
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/2932
4
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.3
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.3
5
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-7ccv-rp6m-rffr
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:35:56Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-7ccv-rp6m-rffr
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39388
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39388
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=x86&distroversion=edge&reponame=community
aliases CVE-2026-39388, GHSA-7ccv-rp6m-rffr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wmq-8qgw-cke7
2
url VCID-nck4-hdm9-mych
vulnerability_id VCID-nck4-hdm9-mych
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39946.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39946.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39946
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09909
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39946
2
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
3
reference_url https://github.com/openbao/openbao/commit/80693a46ebb4fc2455f1c51ed1dd853b28c2fd77
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/80693a46ebb4fc2455f1c51ed1dd853b28c2fd77
4
reference_url https://github.com/openbao/openbao/pull/2931
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/2931
5
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.3
6
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-6vgr-cp5c-ffx3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:34:12Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-6vgr-cp5c-ffx3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39946
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39946
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459953
reference_id 2459953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459953
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=x86&distroversion=edge&reponame=community
aliases CVE-2026-39946, GHSA-6vgr-cp5c-ffx3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nck4-hdm9-mych
3
url VCID-vba1-5fmx-uuhh
vulnerability_id VCID-vba1-5fmx-uuhh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33757.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33757.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33757
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10687
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33757
2
reference_url https://datatracker.ietf.org/doc/html/rfc8628#section-5.4
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T12:03:22Z/
url https://datatracker.ietf.org/doc/html/rfc8628#section-5.4
3
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
4
reference_url https://github.com/openbao/openbao/commit/e32103951925723e9787e33886ab6b6ec20f4964
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T12:03:22Z/
url https://github.com/openbao/openbao/commit/e32103951925723e9787e33886ab6b6ec20f4964
5
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-7q7g-x6vg-xpc3
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T12:03:22Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-7q7g-x6vg-xpc3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33757
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33757
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452269
reference_id 2452269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452269
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=x86&distroversion=edge&reponame=community
aliases CVE-2026-33757, GHSA-7q7g-x6vg-xpc3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vba1-5fmx-uuhh
4
url VCID-vw98-r2gn-9qa1
vulnerability_id VCID-vw98-r2gn-9qa1
summary 
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
### Impact

In OpenBao's Kerberos auth method on the `GET` handler, or when an `Authorization: Negotiate` header is supplied, the response is includes a `logical.Auth` object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity information, which are hidden by the returned error message. No access to these tokens by the caller occurs and the authentication token is not ever made accessible outside of `sys/raw`. At most this could cause storage usage.

### Patches

This is fixed in OpenBao v2.5.4. 

### Workarounds

Users may set a rate limit quota to limit the creation of these paths. As the path is unauthenticated, it isn't possible to deny access to it.

### Reporter

This was discovered by an anonymous reporter.
references
0
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
1
reference_url https://github.com/openbao/openbao/commit/0d82e0a5a3b6a93e8087bcbaf0b11326c12d4f4d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/0d82e0a5a3b6a93e8087bcbaf0b11326c12d4f4d
2
reference_url https://github.com/openbao/openbao/pull/3150
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/3150
3
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.4
4
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-7j6w-vvw2-5f9c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/security/advisories/GHSA-7j6w-vvw2-5f9c
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=x86&distroversion=edge&reponame=community
aliases CVE-2026-46405, GHSA-7j6w-vvw2-5f9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vw98-r2gn-9qa1
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=x86&distroversion=edge&reponame=community