Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

Type deb

Namespace debian

Name libcrypto++

Version 8.7.0+git220824-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.9.0-2

Latest_non_vulnerable_version 8.9.0-2

Affected_by_vulnerabilities

url VCID-cq4a-bah8-nbfg

vulnerability_id VCID-cq4a-bah8-nbfg

summary gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50980

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20678
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50980

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50980
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50980

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059311
reference_id	1059311
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059311

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2023-50980

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cq4a-bah8-nbfg

Fixing_vulnerabilities

url VCID-1rzn-y6tv-fybt

vulnerability_id VCID-1rzn-y6tv-fybt

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9939

reference_id

reference_type

scores

value	0.05919
scoring_system	epss
scoring_elements	0.90752
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9939

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9939
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9939

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848009
reference_id	848009
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848009

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@5.6.4-5?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@5.6.4-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@5.6.4-5%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4azj-gnk2-bfee

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.4.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2016-9939

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rzn-y6tv-fybt

url VCID-4azj-gnk2-bfee

vulnerability_id VCID-4azj-gnk2-bfee

summary information disclosure

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40530

reference_id

reference_type

scores

value	0.00257
scoring_system	epss
scoring_elements	0.49206
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40530

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40530
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40530

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993841
reference_id	993841
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993841

reference_url

https://security.archlinux.org/AVG-2363

reference_id

AVG-2363

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2363

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@8.6.0-1?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.6.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.6.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2021-40530

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4azj-gnk2-bfee

url VCID-6nfn-dzeh-d3av

vulnerability_id VCID-6nfn-dzeh-d3av

summary Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7544

reference_id

reference_type

scores

value	0.02823
scoring_system	epss
scoring_elements	0.86406
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7544

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@0?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@0%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4azj-gnk2-bfee

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.4.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2016-7544

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6nfn-dzeh-d3av

url VCID-8kst-qb5s-uycd

vulnerability_id VCID-8kst-qb5s-uycd

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9434

reference_id

reference_type

scores

value	0.00472
scoring_system	epss
scoring_elements	0.64984
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9434

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9434
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9434

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864214
reference_id	864214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864214

reference_url

https://security.archlinux.org/AVG-288

reference_id

AVG-288

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-288

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@5.6.4-7?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@5.6.4-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@5.6.4-7%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4azj-gnk2-bfee

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.4.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2017-9434

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kst-qb5s-uycd

url VCID-mxpy-4eyq-h3ep

vulnerability_id VCID-mxpy-4eyq-h3ep

summary private key recovery

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14318

reference_id

reference_type

scores

value	0.03018
scoring_system	epss
scoring_elements	0.8684
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14318

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934326
reference_id	934326
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934326

reference_url	https://security.archlinux.org/ASA-201912-3
reference_id	ASA-201912-3
reference_type
scores
url	https://security.archlinux.org/ASA-201912-3

reference_url

https://security.archlinux.org/AVG-1046

reference_id

AVG-1046

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1046

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@5.6.4-9?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@5.6.4-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@5.6.4-9%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4azj-gnk2-bfee

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.4.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2019-14318

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxpy-4eyq-h3ep

url VCID-sj7w-zbub-5yaz

vulnerability_id VCID-sj7w-zbub-5yaz

summary The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3995

reference_id

reference_type

scores

value	0.01025
scoring_system	epss
scoring_elements	0.77568
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3995
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3995

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@5.6.3-6?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@5.6.3-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@5.6.3-6%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4azj-gnk2-bfee

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.4.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2016-3995

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sj7w-zbub-5yaz

url VCID-w94h-6497-3bbb

vulnerability_id VCID-w94h-6497-3bbb

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2141

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.61136
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2141

fixed_packages

url	pkg:deb/debian/libcrypto%2B%2B@5.6.1-7?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@5.6.1-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@5.6.1-7%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4azj-gnk2-bfee

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.4.0-1%3Fdistro=trixie

url pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

purl pkg:deb/debian/libcrypto%2B%2B@8.7.0%2Bgit220824-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cq4a-bah8-nbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

url	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
purl	pkg:deb/debian/libcrypto%2B%2B@8.9.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.9.0-2%3Fdistro=trixie

aliases CVE-2015-2141

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w94h-6497-3bbb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypto%252B%252B@8.7.0%252Bgit220824-1%3Fdistro=trixie

Package Instance