Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community

Type apk

Namespace alpine

Name upx

Version 3.96-r0

Qualifiers

arch	s390x
distroversion	v3.19
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.0.0-r0

Latest_non_vulnerable_version 4.0.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2y8t-m44r-3qa9

vulnerability_id VCID-2y8t-m44r-3qa9

summary An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20053

reference_id

reference_type

scores

value	0.00349
scoring_system	epss
scoring_elements	0.57676
published_at	2026-06-04T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57727
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20053

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20053
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20053

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471
reference_id	947471
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=s390x&distroversion=v3.19&reponame=community

aliases CVE-2019-20053

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2y8t-m44r-3qa9

url VCID-4pc6-57uk-sufn

vulnerability_id VCID-4pc6-57uk-sufn

summary PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11243

reference_id

reference_type

scores

value	0.00473
scoring_system	epss
scoring_elements	0.65042
published_at	2026-06-04T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.65085
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11243

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11243
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11243

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899190
reference_id	899190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899190

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=s390x&distroversion=v3.19&reponame=community

aliases CVE-2018-11243

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pc6-57uk-sufn

url VCID-d21c-d6dq-3fa7

vulnerability_id VCID-d21c-d6dq-3fa7

summary A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20021

reference_id

reference_type

scores

value	0.00324
scoring_system	epss
scoring_elements	0.55742
published_at	2026-06-04T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55798
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20021

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471
reference_id	947471
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=s390x&distroversion=v3.19&reponame=community

aliases CVE-2019-20021

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d21c-d6dq-3fa7

url VCID-y9hb-h18t-rqet

vulnerability_id VCID-y9hb-h18t-rqet

summary canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14296

reference_id

reference_type

scores

value	0.00366
scoring_system	epss
scoring_elements	0.58873
published_at	2026-06-04T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58919
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14296

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933232
reference_id	933232
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933232

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=s390x&distroversion=v3.19&reponame=community

aliases CVE-2019-14296

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9hb-h18t-rqet

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=s390x&distroversion=v3.19&reponame=community

Package Instance