Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/copyparty@0.3.1
Typepypi
Namespace
Namecopyparty
Version0.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.20.12
Latest_non_vulnerable_version1.20.12
Affected_by_vulnerabilities
0
url VCID-2jtf-2873-bydk
vulnerability_id VCID-2jtf-2873-bydk
summary Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T17:31:35Z/
url http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37474
reference_id
reference_type
scores
0
value 0.89933
scoring_system epss
scoring_elements 0.99593
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37474
2
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
3
reference_url https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T17:31:35Z/
url https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff
4
reference_url https://github.com/9001/copyparty/releases/tag/v1.8.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty/releases/tag/v1.8.2
5
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T17:31:35Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-127.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-127.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37474
reference_id CVE-2023-37474
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37474
8
reference_url https://github.com/advisories/GHSA-pxfv-7rr3-2qjg
reference_id GHSA-pxfv-7rr3-2qjg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxfv-7rr3-2qjg
fixed_packages
0
url pkg:pypi/copyparty@1.8.2
purl pkg:pypi/copyparty@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9d-rwc2-dqhj
1
vulnerability VCID-455d-1uuh-akcw
2
vulnerability VCID-4k23-f4m1-2bg2
3
vulnerability VCID-8nb3-epm4-tybv
4
vulnerability VCID-bvsp-kv1e-37cv
5
vulnerability VCID-qvzv-kutp-sfaf
6
vulnerability VCID-rvb8-ftad-jbf7
7
vulnerability VCID-saj5-7b3m-4ubh
8
vulnerability VCID-wmjr-kwr1-fqe9
9
vulnerability VCID-yygv-g6z8-9yf5
10
vulnerability VCID-yzc3-sqs8-hqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.8.2
aliases CVE-2023-37474, GHSA-pxfv-7rr3-2qjg, PYSEC-2023-127
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jtf-2873-bydk
1
url VCID-3r9d-rwc2-dqhj
vulnerability_id VCID-3r9d-rwc2-dqhj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54589
reference_id
reference_type
scores
0
value 0.0078
scoring_system epss
scoring_elements 0.73995
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54589
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/a8705e611d05eeb22be5d3d7d9ab5c020fe54c62
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-31T14:11:52Z/
url https://github.com/9001/copyparty/commit/a8705e611d05eeb22be5d3d7d9ab5c020fe54c62
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.18.7
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-31T14:11:52Z/
url https://github.com/9001/copyparty/releases/tag/v1.18.7
4
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-8mx2-rjh8-q3jq
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-31T14:11:52Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-8mx2-rjh8-q3jq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54589
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54589
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52390.c
reference_id CVE-2025-54589
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52390.c
7
reference_url https://github.com/advisories/GHSA-8mx2-rjh8-q3jq
reference_id GHSA-8mx2-rjh8-q3jq
reference_type
scores
url https://github.com/advisories/GHSA-8mx2-rjh8-q3jq
fixed_packages
0
url pkg:pypi/copyparty@1.18.7
purl pkg:pypi/copyparty@1.18.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-455d-1uuh-akcw
1
vulnerability VCID-4k23-f4m1-2bg2
2
vulnerability VCID-rvb8-ftad-jbf7
3
vulnerability VCID-saj5-7b3m-4ubh
4
vulnerability VCID-yygv-g6z8-9yf5
5
vulnerability VCID-yzc3-sqs8-hqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.18.7
aliases CVE-2025-54589, GHSA-8mx2-rjh8-q3jq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3r9d-rwc2-dqhj
2
url VCID-455d-1uuh-akcw
vulnerability_id VCID-455d-1uuh-akcw
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58753
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.0716
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58753
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/e0a92ba72d46074209a9c304eb2a01ca0429e60c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T20:17:19Z/
url https://github.com/9001/copyparty/commit/e0a92ba72d46074209a9c304eb2a01ca0429e60c
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.19.8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T20:17:19Z/
url https://github.com/9001/copyparty/releases/tag/v1.19.8
4
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-pxvw-4w88-6x95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T20:17:19Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-pxvw-4w88-6x95
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58753
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58753
6
reference_url https://github.com/advisories/GHSA-pxvw-4w88-6x95
reference_id GHSA-pxvw-4w88-6x95
reference_type
scores
url https://github.com/advisories/GHSA-pxvw-4w88-6x95
fixed_packages
0
url pkg:pypi/copyparty@1.19.8
purl pkg:pypi/copyparty@1.19.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4k23-f4m1-2bg2
1
vulnerability VCID-rvb8-ftad-jbf7
2
vulnerability VCID-saj5-7b3m-4ubh
3
vulnerability VCID-yygv-g6z8-9yf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.19.8
aliases CVE-2025-58753, GHSA-pxvw-4w88-6x95
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-455d-1uuh-akcw
3
url VCID-4k23-f4m1-2bg2
vulnerability_id VCID-4k23-f4m1-2bg2
summary 
Copyparty vulnerable to reflected XSS via setck parameter
An XSS allows for reflected cross-site scripting via URL-parameter `?setck=...`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27948
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12781
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27948
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/31b2801fd041f803f4a3d5c12c7d7cb5419048bc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:06:14Z/
url https://github.com/9001/copyparty/commit/31b2801fd041f803f4a3d5c12c7d7cb5419048bc
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.20.9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty/releases/tag/v1.20.9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27948
reference_id CVE-2026-27948
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27948
5
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-62cr-6wp5-q43h
reference_id GHSA-62cr-6wp5-q43h
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:06:14Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-62cr-6wp5-q43h
6
reference_url https://github.com/advisories/GHSA-62cr-6wp5-q43h
reference_id GHSA-62cr-6wp5-q43h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62cr-6wp5-q43h
fixed_packages
0
url pkg:pypi/copyparty@1.20.9
purl pkg:pypi/copyparty@1.20.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rvb8-ftad-jbf7
1
vulnerability VCID-saj5-7b3m-4ubh
2
vulnerability VCID-yygv-g6z8-9yf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.20.9
aliases CVE-2026-27948, GHSA-62cr-6wp5-q43h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4k23-f4m1-2bg2
4
url VCID-8nb3-epm4-tybv
vulnerability_id VCID-8nb3-epm4-tybv
summary copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.
references
0
reference_url http://packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:25:02Z/
url http://packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38501
reference_id
reference_type
scores
0
value 0.79633
scoring_system epss
scoring_elements 0.99115
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38501
2
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
3
reference_url https://github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:25:02Z/
url https://github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38
4
reference_url https://github.com/9001/copyparty/releases/tag/v1.8.7
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty/releases/tag/v1.8.7
5
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:25:02Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-132.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-132.yaml
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/51635.txt
reference_id CVE-2023-38501
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/51635.txt
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38501
reference_id CVE-2023-38501
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38501
9
reference_url https://github.com/advisories/GHSA-f54q-j679-p9hh
reference_id GHSA-f54q-j679-p9hh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f54q-j679-p9hh
fixed_packages
0
url pkg:pypi/copyparty@1.8.7
purl pkg:pypi/copyparty@1.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9d-rwc2-dqhj
1
vulnerability VCID-455d-1uuh-akcw
2
vulnerability VCID-4k23-f4m1-2bg2
3
vulnerability VCID-qvzv-kutp-sfaf
4
vulnerability VCID-rvb8-ftad-jbf7
5
vulnerability VCID-saj5-7b3m-4ubh
6
vulnerability VCID-wmjr-kwr1-fqe9
7
vulnerability VCID-yygv-g6z8-9yf5
8
vulnerability VCID-yzc3-sqs8-hqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.8.7
aliases CVE-2023-38501, GHSA-f54q-j679-p9hh, PYSEC-2023-132
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nb3-epm4-tybv
5
url VCID-bvsp-kv1e-37cv
vulnerability_id VCID-bvsp-kv1e-37cv
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in copyparty.
references
0
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
1
reference_url https://github.com/9001/copyparty/commit/0778da6c4d04de870c61f970763a7b619094093c
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty/commit/0778da6c4d04de870c61f970763a7b619094093c
2
reference_url https://github.com/9001/copyparty/releases/tag/v1.8.6
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty/releases/tag/v1.8.6
3
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-cw7j-v52w-fp5r
reference_id GHSA-cw7j-v52w-fp5r
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty/security/advisories/GHSA-cw7j-v52w-fp5r
4
reference_url https://github.com/advisories/GHSA-cw7j-v52w-fp5r
reference_id GHSA-cw7j-v52w-fp5r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cw7j-v52w-fp5r
fixed_packages
0
url pkg:pypi/copyparty@1.8.6
purl pkg:pypi/copyparty@1.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9d-rwc2-dqhj
1
vulnerability VCID-455d-1uuh-akcw
2
vulnerability VCID-4k23-f4m1-2bg2
3
vulnerability VCID-8nb3-epm4-tybv
4
vulnerability VCID-qvzv-kutp-sfaf
5
vulnerability VCID-rvb8-ftad-jbf7
6
vulnerability VCID-saj5-7b3m-4ubh
7
vulnerability VCID-wmjr-kwr1-fqe9
8
vulnerability VCID-yygv-g6z8-9yf5
9
vulnerability VCID-yzc3-sqs8-hqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.8.6
aliases GHSA-cw7j-v52w-fp5r, GMS-2023-1896
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvsp-kv1e-37cv
6
url VCID-qvzv-kutp-sfaf
vulnerability_id VCID-qvzv-kutp-sfaf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54423
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42289
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54423
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/895880aeb0be0813ddf732487596633f8f9fc3a6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T20:19:37Z/
url https://github.com/9001/copyparty/commit/895880aeb0be0813ddf732487596633f8f9fc3a6
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.18.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T20:19:37Z/
url https://github.com/9001/copyparty/releases/tag/v1.18.5
4
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-9q4r-x2hj-jmvr
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T20:19:37Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-9q4r-x2hj-jmvr
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54423
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54423
6
reference_url https://github.com/advisories/GHSA-9q4r-x2hj-jmvr
reference_id GHSA-9q4r-x2hj-jmvr
reference_type
scores
url https://github.com/advisories/GHSA-9q4r-x2hj-jmvr
fixed_packages
0
url pkg:pypi/copyparty@1.18.5
purl pkg:pypi/copyparty@1.18.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9d-rwc2-dqhj
1
vulnerability VCID-455d-1uuh-akcw
2
vulnerability VCID-4k23-f4m1-2bg2
3
vulnerability VCID-rvb8-ftad-jbf7
4
vulnerability VCID-saj5-7b3m-4ubh
5
vulnerability VCID-yygv-g6z8-9yf5
6
vulnerability VCID-yzc3-sqs8-hqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.18.5
aliases CVE-2025-54423, GHSA-9q4r-x2hj-jmvr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvzv-kutp-sfaf
7
url VCID-rvb8-ftad-jbf7
vulnerability_id VCID-rvb8-ftad-jbf7
summary Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would execute if the target clicks a link to the HTML file itself; "https://example.com/foo/.prologue.html". The vulnerability is that "https://example.com/foo/?b" would also evaluate the file, making the behavior unexpected. There are existing preventative measures (strict SameSite cookies) which makes it harder to leverage this vulnerability in an attack; in order to gain control of the target's authenticated session, the link must be clicked from a page served by the server itself -- most likely by editing an existing resource, which would require additional access permissions. Finally, for this attack to be successful, the attacker's target must click the specific crafted link given by the attacker. This vulnerability is not activated by normally browsing the web-UI on the server. This vulnerability is fixed in 1.20.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32109
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01288
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32109
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-rcp6-88mm-9vgf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:45:23Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-rcp6-88mm-9vgf
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32109
reference_id CVE-2026-32109
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32109
4
reference_url https://github.com/advisories/GHSA-rcp6-88mm-9vgf
reference_id GHSA-rcp6-88mm-9vgf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcp6-88mm-9vgf
fixed_packages
0
url pkg:pypi/copyparty@1.20.12
purl pkg:pypi/copyparty@1.20.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.20.12
aliases CVE-2026-32109, GHSA-rcp6-88mm-9vgf, PYSEC-2026-32
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvb8-ftad-jbf7
8
url VCID-saj5-7b3m-4ubh
vulnerability_id VCID-saj5-7b3m-4ubh
summary Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the FTP or SFTP server is enabled, and also made publicly accessible. Given these conditions, when a user is browsing a share through either FTP or SFTP (not http or https), they can gain read-access to the remaining files inside the shared folder by guessing/bruteforcing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This vulnerability is similar to CVE-2025-58753 which was previously fixed for HTTP and HTTPS, but not for FTP. The FTPS server did not yet exist at that time. This vulnerability is fixed in 1.20.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32108
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.04072
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32108
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-67rw-2x62-mqqm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:47:04Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-67rw-2x62-mqqm
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32108
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32108
4
reference_url https://github.com/advisories/GHSA-67rw-2x62-mqqm
reference_id GHSA-67rw-2x62-mqqm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rw-2x62-mqqm
fixed_packages
0
url pkg:pypi/copyparty@1.20.12
purl pkg:pypi/copyparty@1.20.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.20.12
aliases CVE-2026-32108, GHSA-67rw-2x62-mqqm, PYSEC-2026-31
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-saj5-7b3m-4ubh
9
url VCID-wmjr-kwr1-fqe9
vulnerability_id VCID-wmjr-kwr1-fqe9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27145
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.53382
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27145
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/438ea6ccb06f39d7cbb4b6ee7ad44606e21a63dd
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T13:59:39Z/
url https://github.com/9001/copyparty/commit/438ea6ccb06f39d7cbb4b6ee7ad44606e21a63dd
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.16.15
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T13:59:39Z/
url https://github.com/9001/copyparty/releases/tag/v1.16.15
4
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-m2jw-cj8v-937r
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T13:59:39Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-m2jw-cj8v-937r
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27145
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27145
6
reference_url https://github.com/advisories/GHSA-m2jw-cj8v-937r
reference_id GHSA-m2jw-cj8v-937r
reference_type
scores
url https://github.com/advisories/GHSA-m2jw-cj8v-937r
fixed_packages
0
url pkg:pypi/copyparty@1.16.15
purl pkg:pypi/copyparty@1.16.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9d-rwc2-dqhj
1
vulnerability VCID-455d-1uuh-akcw
2
vulnerability VCID-4k23-f4m1-2bg2
3
vulnerability VCID-qvzv-kutp-sfaf
4
vulnerability VCID-rvb8-ftad-jbf7
5
vulnerability VCID-saj5-7b3m-4ubh
6
vulnerability VCID-yygv-g6z8-9yf5
7
vulnerability VCID-yzc3-sqs8-hqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.16.15
aliases CVE-2025-27145, GHSA-m2jw-cj8v-937r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmjr-kwr1-fqe9
10
url VCID-yygv-g6z8-9yf5
vulnerability_id VCID-yygv-g6z8-9yf5
summary 
copyparty: volflag `nohtml` did not block javascript in svg files
The `nohtml` config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30974
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13318
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30974
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/1c9f894e149b6be3cc7de81efc93a4ce4766e0e5
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:45:22Z/
url https://github.com/9001/copyparty/commit/1c9f894e149b6be3cc7de81efc93a4ce4766e0e5
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.20.11
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:45:22Z/
url https://github.com/9001/copyparty/releases/tag/v1.20.11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30974
reference_id CVE-2026-30974
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30974
5
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-m6hv-x64c-27mm
reference_id GHSA-m6hv-x64c-27mm
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:45:22Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-m6hv-x64c-27mm
6
reference_url https://github.com/advisories/GHSA-m6hv-x64c-27mm
reference_id GHSA-m6hv-x64c-27mm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6hv-x64c-27mm
fixed_packages
0
url pkg:pypi/copyparty@1.20.11
purl pkg:pypi/copyparty@1.20.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rvb8-ftad-jbf7
1
vulnerability VCID-saj5-7b3m-4ubh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.20.11
aliases CVE-2026-30974, GHSA-m6hv-x64c-27mm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yygv-g6z8-9yf5
11
url VCID-yzc3-sqs8-hqa1
vulnerability_id VCID-yzc3-sqs8-hqa1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54796
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55176
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54796
1
reference_url https://github.com/9001/copyparty
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/9001/copyparty
2
reference_url https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-04T15:19:56Z/
url https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83
3
reference_url https://github.com/9001/copyparty/releases/tag/v1.18.9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-04T15:19:56Z/
url https://github.com/9001/copyparty/releases/tag/v1.18.9
4
reference_url https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-04T15:19:56Z/
url https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54796
6
reference_url https://github.com/advisories/GHSA-5662-2rj7-f2v6
reference_id GHSA-5662-2rj7-f2v6
reference_type
scores
url https://github.com/advisories/GHSA-5662-2rj7-f2v6
fixed_packages
0
url pkg:pypi/copyparty@1.18.9
purl pkg:pypi/copyparty@1.18.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-455d-1uuh-akcw
1
vulnerability VCID-4k23-f4m1-2bg2
2
vulnerability VCID-rvb8-ftad-jbf7
3
vulnerability VCID-saj5-7b3m-4ubh
4
vulnerability VCID-yygv-g6z8-9yf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@1.18.9
aliases CVE-2025-54796, GHSA-5662-2rj7-f2v6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzc3-sqs8-hqa1
Fixing_vulnerabilities
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/copyparty@0.3.1