Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/redmine@4.1.1-2
Typealpm
Namespacearchlinux
Nameredmine
Version4.1.1-2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.2-1
Latest_non_vulnerable_version4.2.3-1
Affected_by_vulnerabilities
0
url VCID-1fe1-sdn1-jfcw
vulnerability_id VCID-1fe1-sdn1-jfcw
summary Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31864
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44255
published_at 2026-04-21T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44212
published_at 2026-04-01T12:55:00Z
2
value 0.00217
scoring_system epss
scoring_elements 0.4428
published_at 2026-04-02T12:55:00Z
3
value 0.00217
scoring_system epss
scoring_elements 0.44302
published_at 2026-04-04T12:55:00Z
4
value 0.00217
scoring_system epss
scoring_elements 0.44235
published_at 2026-04-07T12:55:00Z
5
value 0.00217
scoring_system epss
scoring_elements 0.44288
published_at 2026-04-08T12:55:00Z
6
value 0.00217
scoring_system epss
scoring_elements 0.44292
published_at 2026-04-09T12:55:00Z
7
value 0.00217
scoring_system epss
scoring_elements 0.4431
published_at 2026-04-11T12:55:00Z
8
value 0.00217
scoring_system epss
scoring_elements 0.44278
published_at 2026-04-12T12:55:00Z
9
value 0.00217
scoring_system epss
scoring_elements 0.44277
published_at 2026-04-13T12:55:00Z
10
value 0.00217
scoring_system epss
scoring_elements 0.44335
published_at 2026-04-16T12:55:00Z
11
value 0.00217
scoring_system epss
scoring_elements 0.44326
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31864
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id 990792
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
2
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
3
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-31864
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fe1-sdn1-jfcw
1
url VCID-7nsr-5xpe-vke4
vulnerability_id VCID-7nsr-5xpe-vke4
summary Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31866
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63306
published_at 2026-04-21T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63196
published_at 2026-04-01T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.63255
published_at 2026-04-02T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-04T12:55:00Z
4
value 0.00442
scoring_system epss
scoring_elements 0.63249
published_at 2026-04-07T12:55:00Z
5
value 0.00442
scoring_system epss
scoring_elements 0.633
published_at 2026-04-08T12:55:00Z
6
value 0.00442
scoring_system epss
scoring_elements 0.63318
published_at 2026-04-09T12:55:00Z
7
value 0.00442
scoring_system epss
scoring_elements 0.63335
published_at 2026-04-11T12:55:00Z
8
value 0.00442
scoring_system epss
scoring_elements 0.63319
published_at 2026-04-16T12:55:00Z
9
value 0.00442
scoring_system epss
scoring_elements 0.63283
published_at 2026-04-13T12:55:00Z
10
value 0.00442
scoring_system epss
scoring_elements 0.63327
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31866
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id 990792
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
2
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
3
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-31866
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nsr-5xpe-vke4
2
url VCID-8cvp-423x-qfga
vulnerability_id VCID-8cvp-423x-qfga
summary Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30164
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43324
published_at 2026-04-21T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43276
published_at 2026-04-01T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43333
published_at 2026-04-02T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43361
published_at 2026-04-04T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43299
published_at 2026-04-07T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43351
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43366
published_at 2026-04-09T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43387
published_at 2026-04-11T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43355
published_at 2026-04-12T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.4334
published_at 2026-04-13T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.434
published_at 2026-04-16T12:55:00Z
11
value 0.00209
scoring_system epss
scoring_elements 0.43389
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30164
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
reference_id 986800
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
2
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
3
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-30164
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cvp-423x-qfga
3
url VCID-a2t5-u2dx-5fc2
vulnerability_id VCID-a2t5-u2dx-5fc2
summary Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31865
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60174
published_at 2026-04-18T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60003
published_at 2026-04-01T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60081
published_at 2026-04-02T12:55:00Z
3
value 0.00391
scoring_system epss
scoring_elements 0.60105
published_at 2026-04-04T12:55:00Z
4
value 0.00391
scoring_system epss
scoring_elements 0.60075
published_at 2026-04-07T12:55:00Z
5
value 0.00391
scoring_system epss
scoring_elements 0.60125
published_at 2026-04-08T12:55:00Z
6
value 0.00391
scoring_system epss
scoring_elements 0.60139
published_at 2026-04-09T12:55:00Z
7
value 0.00391
scoring_system epss
scoring_elements 0.6016
published_at 2026-04-21T12:55:00Z
8
value 0.00391
scoring_system epss
scoring_elements 0.60145
published_at 2026-04-12T12:55:00Z
9
value 0.00391
scoring_system epss
scoring_elements 0.60128
published_at 2026-04-13T12:55:00Z
10
value 0.00391
scoring_system epss
scoring_elements 0.60167
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31865
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id 990792
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
2
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
3
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-31865
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2t5-u2dx-5fc2
4
url VCID-r8j4-1ux4-6ycy
vulnerability_id VCID-r8j4-1ux4-6ycy
summary Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31863
reference_id
reference_type
scores
0
value 0.0079
scoring_system epss
scoring_elements 0.73909
published_at 2026-04-21T12:55:00Z
1
value 0.0079
scoring_system epss
scoring_elements 0.73819
published_at 2026-04-01T12:55:00Z
2
value 0.0079
scoring_system epss
scoring_elements 0.73828
published_at 2026-04-02T12:55:00Z
3
value 0.0079
scoring_system epss
scoring_elements 0.73853
published_at 2026-04-04T12:55:00Z
4
value 0.0079
scoring_system epss
scoring_elements 0.73824
published_at 2026-04-07T12:55:00Z
5
value 0.0079
scoring_system epss
scoring_elements 0.73858
published_at 2026-04-08T12:55:00Z
6
value 0.0079
scoring_system epss
scoring_elements 0.73871
published_at 2026-04-09T12:55:00Z
7
value 0.0079
scoring_system epss
scoring_elements 0.73893
published_at 2026-04-11T12:55:00Z
8
value 0.0079
scoring_system epss
scoring_elements 0.73874
published_at 2026-04-12T12:55:00Z
9
value 0.0079
scoring_system epss
scoring_elements 0.73866
published_at 2026-04-13T12:55:00Z
10
value 0.0079
scoring_system epss
scoring_elements 0.73908
published_at 2026-04-16T12:55:00Z
11
value 0.0079
scoring_system epss
scoring_elements 0.73917
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31863
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id 990792
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
2
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
3
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-31863
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8j4-1ux4-6ycy
5
url VCID-yjxe-atwc-6yec
vulnerability_id VCID-yjxe-atwc-6yec
summary Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29274
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55386
published_at 2026-04-21T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55244
published_at 2026-04-01T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55343
published_at 2026-04-02T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.55368
published_at 2026-04-04T12:55:00Z
4
value 0.00323
scoring_system epss
scoring_elements 0.55346
published_at 2026-04-07T12:55:00Z
5
value 0.00323
scoring_system epss
scoring_elements 0.55396
published_at 2026-04-09T12:55:00Z
6
value 0.00323
scoring_system epss
scoring_elements 0.55407
published_at 2026-04-18T12:55:00Z
7
value 0.00323
scoring_system epss
scoring_elements 0.55385
published_at 2026-04-12T12:55:00Z
8
value 0.00323
scoring_system epss
scoring_elements 0.55367
published_at 2026-04-13T12:55:00Z
9
value 0.00323
scoring_system epss
scoring_elements 0.55402
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29274
1
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
2
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-29274
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjxe-atwc-6yec
6
url VCID-zbef-znuk-eqhr
vulnerability_id VCID-zbef-znuk-eqhr
summary Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30163
reference_id
reference_type
scores
0
value 0.00495
scoring_system epss
scoring_elements 0.65812
published_at 2026-04-18T12:55:00Z
1
value 0.00495
scoring_system epss
scoring_elements 0.65678
published_at 2026-04-01T12:55:00Z
2
value 0.00495
scoring_system epss
scoring_elements 0.65728
published_at 2026-04-02T12:55:00Z
3
value 0.00495
scoring_system epss
scoring_elements 0.65758
published_at 2026-04-04T12:55:00Z
4
value 0.00495
scoring_system epss
scoring_elements 0.65723
published_at 2026-04-07T12:55:00Z
5
value 0.00495
scoring_system epss
scoring_elements 0.65776
published_at 2026-04-08T12:55:00Z
6
value 0.00495
scoring_system epss
scoring_elements 0.65787
published_at 2026-04-09T12:55:00Z
7
value 0.00495
scoring_system epss
scoring_elements 0.65807
published_at 2026-04-11T12:55:00Z
8
value 0.00495
scoring_system epss
scoring_elements 0.65793
published_at 2026-04-12T12:55:00Z
9
value 0.00495
scoring_system epss
scoring_elements 0.65763
published_at 2026-04-13T12:55:00Z
10
value 0.00495
scoring_system epss
scoring_elements 0.65798
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30163
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
reference_id 986800
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
2
reference_url https://security.archlinux.org/ASA-202105-1
reference_id ASA-202105-1
reference_type
scores
url https://security.archlinux.org/ASA-202105-1
3
reference_url https://security.archlinux.org/AVG-1743
reference_id AVG-1743
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1743
fixed_packages
0
url pkg:alpm/archlinux/redmine@4.2.1-1
purl pkg:alpm/archlinux/redmine@4.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gjey-bqtd-kqa1
1
vulnerability VCID-pwfc-n1q7-b7e4
2
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1
aliases CVE-2021-30163
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbef-znuk-eqhr
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.1.1-2