Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/PowerShell@7.2.5

Type nuget

Namespace

Name PowerShell

Version 7.2.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.2.17

Latest_non_vulnerable_version 7.3.10

Affected_by_vulnerabilities

url

VCID-7dq5-qkwa-33ey

vulnerability_id

VCID-7dq5-qkwa-33ey

summary

PowerShell Remote Code Execution Vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41076

reference_id

reference_type

scores

value	0.34016
scoring_system	epss
scoring_elements	0.96946
published_at	2026-04-02T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96951
published_at	2026-04-04T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96954
published_at	2026-04-07T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96962
published_at	2026-04-08T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96963
published_at	2026-04-09T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96966
published_at	2026-04-11T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96967
published_at	2026-04-12T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96968
published_at	2026-04-13T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96976
published_at	2026-04-16T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.9698
published_at	2026-04-18T12:55:00Z

value	0.34016
scoring_system	epss
scoring_elements	0.96981
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41076

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-41076
reference_id	CVE-2022-41076
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-41076

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41076
reference_id	CVE-2022-41076
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41076

fixed_packages

aliases

CVE-2022-41076

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-7dq5-qkwa-33ey

url VCID-ks36-zkdx-c3ap

vulnerability_id VCID-ks36-zkdx-c3ap

summary

Exposure of Resource to Wrong Sphere
PowerShell Information Disclosure Vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36013

reference_id

reference_type

scores

value	0.02494
scoring_system	epss
scoring_elements	0.85341
published_at	2026-04-21T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85344
published_at	2026-04-18T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85262
published_at	2026-04-02T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.8528
published_at	2026-04-04T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85283
published_at	2026-04-07T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85305
published_at	2026-04-08T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85313
published_at	2026-04-09T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85327
published_at	2026-04-11T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85325
published_at	2026-04-12T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85322
published_at	2026-04-13T12:55:00Z

value	0.02494
scoring_system	epss
scoring_elements	0.85343
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36013

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013

reference_id

CVE-2023-36013

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:42:34Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-36013
reference_id	CVE-2023-36013
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-36013

fixed_packages

url	pkg:nuget/PowerShell@7.2.17
purl	pkg:nuget/PowerShell@7.2.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@7.2.17

url	pkg:nuget/PowerShell@7.3.10
purl	pkg:nuget/PowerShell@7.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@7.3.10

aliases CVE-2023-36013

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ks36-zkdx-c3ap

url

VCID-rz8f-jn6b-a7fw

vulnerability_id

VCID-rz8f-jn6b-a7fw

summary

.NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## <a name="affected-software"></a>Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

### <a name=".NET Core 3.1"></a>.NET Core 3.1

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28

### <a name=".NET 6"></a>.NET 6

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8

## Patches


* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.


### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34716

reference_id

reference_type

scores

value	0.00952
scoring_system	epss
scoring_elements	0.76415
published_at	2026-04-21T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76431
published_at	2026-04-18T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76425
published_at	2026-04-16T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76385
published_at	2026-04-13T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78103
published_at	2026-04-12T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78121
published_at	2026-04-11T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78094
published_at	2026-04-09T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.7809
published_at	2026-04-08T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78064
published_at	2026-04-07T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78082
published_at	2026-04-04T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78053
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34716

reference_url

https://github.com/dotnet/announcements/issues/232

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/232

reference_url

https://github.com/dotnet/aspnetcore/issues/43166

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/issues/43166

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34716

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2115183
reference_id	2115183
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2115183

reference_url

https://github.com/advisories/GHSA-vh55-786g-wjwj

reference_id

GHSA-vh55-786g-wjwj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vh55-786g-wjwj

reference_url	https://access.redhat.com/errata/RHSA-2022:6037
reference_id	RHSA-2022:6037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6037

reference_url	https://access.redhat.com/errata/RHSA-2022:6038
reference_id	RHSA-2022:6038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6038

reference_url	https://access.redhat.com/errata/RHSA-2022:6043
reference_id	RHSA-2022:6043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6043

reference_url	https://access.redhat.com/errata/RHSA-2022:6057
reference_id	RHSA-2022:6057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6057

reference_url	https://access.redhat.com/errata/RHSA-2022:6058
reference_id	RHSA-2022:6058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6058

fixed_packages

aliases

CVE-2022-34716, GHSA-vh55-786g-wjwj, GMS-2024-75, GMS-2024-76, GMS-2024-77, GMS-2024-78, GMS-2024-79, GMS-2024-80, GMS-2024-81, GMS-2024-82, GMS-2024-83, GMS-2024-84, GMS-2024-85, GMS-2024-86, GMS-2024-90

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rz8f-jn6b-a7fw

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@7.2.5

Package Instance