Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin-bom@17.0.8
Type maven
Namespace com.vaadin
Name vaadin-bom
Version 17.0.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 19.0.4
Latest_non_vulnerable_version 20.0.6
Affected_by_vulnerabilities
0
url VCID-jnr3-zatb-d7bh
vulnerability_id VCID-jnr3-zatb-d7bh
summary
Uncontrolled Resource Consumption
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31405
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64858
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31405
1
reference_url https://github.com/vaadin/flow-components/pull/442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow-components/pull/442
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31405
reference_id CVE-2021-31405
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31405
3
reference_url https://vaadin.com/security/cve-2021-31405
reference_id CVE-2021-31405
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31405
4
reference_url https://github.com/advisories/GHSA-2wqp-jmcc-mc77
reference_id GHSA-2wqp-jmcc-mc77
reference_type
scores
url https://github.com/advisories/GHSA-2wqp-jmcc-mc77
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77
reference_id GHSA-2wqp-jmcc-mc77
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@17.0.11
purl pkg:maven/com.vaadin/vaadin-bom@17.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kd1u-jqk2-xkgb
1
vulnerability VCID-tmht-98ed-a3fq
2
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@17.0.11
aliases CVE-2021-31405, GHSA-2wqp-jmcc-mc77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnr3-zatb-d7bh
1
url VCID-kd1u-jqk2-xkgb
vulnerability_id VCID-kd1u-jqk2-xkgb
summary
Directory traversal in development mode handler in Vaadin 14 and 15-17
Improper URL validation in development mode handler in `com.vaadin:flow-server` versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows an attacker to request arbitrary files stored outside of the intended frontend resources folder.

- https://vaadin.com/security/cve-2020-36321
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2020-36321
reference_id CVE-2020-36321
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2020-36321
2
reference_url https://github.com/advisories/GHSA-82mf-mmh7-hxp5
reference_id GHSA-82mf-mmh7-hxp5
reference_type
scores
url https://github.com/advisories/GHSA-82mf-mmh7-hxp5
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-82mf-mmh7-hxp5
reference_id GHSA-82mf-mmh7-hxp5
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-82mf-mmh7-hxp5
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.0
purl pkg:maven/com.vaadin/vaadin-bom@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
1
vulnerability VCID-tmht-98ed-a3fq
2
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.0
aliases GHSA-82mf-mmh7-hxp5, GMS-2021-65
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kd1u-jqk2-xkgb
2
url VCID-tmht-98ed-a3fq
vulnerability_id VCID-tmht-98ed-a3fq
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31406
reference_id CVE-2021-31406
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31406
2
reference_url https://github.com/advisories/GHSA-9h6g-6mxg-vvp4
reference_id GHSA-9h6g-6mxg-vvp4
reference_type
scores
url https://github.com/advisories/GHSA-9h6g-6mxg-vvp4
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-9h6g-6mxg-vvp4
reference_id GHSA-9h6g-6mxg-vvp4
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-9h6g-6mxg-vvp4
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.7
purl pkg:maven/com.vaadin/vaadin-bom@18.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.7
1
url pkg:maven/com.vaadin/vaadin-bom@19.0.1
purl pkg:maven/com.vaadin/vaadin-bom@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.1
aliases GHSA-9h6g-6mxg-vvp4, GMS-2021-66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmht-98ed-a3fq
3
url VCID-tywj-48df-uqcb
vulnerability_id VCID-tywj-48df-uqcb
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31404
2
reference_url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.6
purl pkg:maven/com.vaadin/vaadin-bom@18.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
1
vulnerability VCID-tmht-98ed-a3fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.6
aliases GHSA-c6c4-7x48-4cqp, GMS-2021-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tywj-48df-uqcb
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@17.0.8