Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/certifi@2023.7.22

Type pypi

Namespace

Name certifi

Version 2023.7.22

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2024.7.4

Latest_non_vulnerable_version 2024.7.4

Affected_by_vulnerabilities

url VCID-2wd3-e3mb-ebgn

vulnerability_id VCID-2wd3-e3mb-ebgn

summary Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39689.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39689.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39689

reference_id

reference_type

scores

value	0.21233
scoring_system	epss
scoring_elements	0.95687
published_at	2026-04-21T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95685
published_at	2026-04-18T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95681
published_at	2026-04-16T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95673
published_at	2026-04-13T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95646
published_at	2026-04-02T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.9567
published_at	2026-04-12T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95671
published_at	2026-04-11T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95667
published_at	2026-04-09T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95662
published_at	2026-04-08T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95654
published_at	2026-04-07T12:55:00Z

value	0.21233
scoring_system	epss
scoring_elements	0.95652
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39689

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39689
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39689

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/certifi/python-certifi

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/certifi/python-certifi

reference_url

https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T20:06:09Z/

url

https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463

reference_url

https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T20:06:09Z/

url

https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yaml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yaml

reference_url

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T20:06:09Z/

url

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-39689

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-39689

reference_url

https://security.netapp.com/advisory/ntap-20241206-0001

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241206-0001

reference_url

https://security.netapp.com/advisory/ntap-20241206-0001/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://security.netapp.com/advisory/ntap-20241206-0001/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2296020
reference_id	2296020
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2296020

reference_url

https://github.com/advisories/GHSA-248v-346w-9cwc

reference_id

GHSA-248v-346w-9cwc

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-248v-346w-9cwc

fixed_packages

url	pkg:pypi/certifi@2024.7.4
purl	pkg:pypi/certifi@2024.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2024.7.4

aliases CVE-2024-39689, GHSA-248v-346w-9cwc, PYSEC-2024-230

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wd3-e3mb-ebgn

Fixing_vulnerabilities

url VCID-qx4m-q293-ckhj

vulnerability_id VCID-qx4m-q293-ckhj

summary Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37920.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37920.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37920

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.29531
published_at	2026-04-21T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29576
published_at	2026-04-18T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29601
published_at	2026-04-16T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29705
published_at	2026-04-02T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29583
published_at	2026-04-13T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29633
published_at	2026-04-12T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29677
published_at	2026-04-11T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29675
published_at	2026-04-09T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29637
published_at	2026-04-08T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29575
published_at	2026-04-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29755
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37920

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37920
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37920

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/certifi/python-certifi

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/certifi/python-certifi

reference_url

https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:38:32Z/

url

https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909

reference_url

https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:38:32Z/

url

https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2023-135.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2023-135.yaml

reference_url

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:38:32Z/

url

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-37920

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-37920

reference_url

https://security.netapp.com/advisory/ntap-20240912-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240912-0002

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2226586
reference_id	2226586
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2226586

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/

reference_id

5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:38:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/

reference_url

https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

reference_id

GHSA-xqr8-7jwr-rhp7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

reference_url	https://access.redhat.com/errata/RHSA-2023:6812
reference_id	RHSA-2023:6812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6812

reference_url	https://access.redhat.com/errata/RHSA-2023:7378
reference_id	RHSA-2023:7378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7378

reference_url	https://access.redhat.com/errata/RHSA-2023:7385
reference_id	RHSA-2023:7385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7385

reference_url	https://access.redhat.com/errata/RHSA-2023:7407
reference_id	RHSA-2023:7407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7407

reference_url	https://access.redhat.com/errata/RHSA-2023:7435
reference_id	RHSA-2023:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7435

reference_url	https://access.redhat.com/errata/RHSA-2023:7523
reference_id	RHSA-2023:7523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7523

reference_url	https://access.redhat.com/errata/RHSA-2023:7528
reference_id	RHSA-2023:7528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7528

reference_url	https://access.redhat.com/errata/RHSA-2023:7753
reference_id	RHSA-2023:7753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7753

reference_url	https://access.redhat.com/errata/RHSA-2024:0133
reference_id	RHSA-2024:0133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0133

reference_url	https://access.redhat.com/errata/RHSA-2024:8228
reference_id	RHSA-2024:8228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8228

fixed_packages

url pkg:pypi/certifi@2023.7.22

purl pkg:pypi/certifi@2023.7.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wd3-e3mb-ebgn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2023.7.22

aliases CVE-2023-37920, GHSA-xqr8-7jwr-rhp7, PYSEC-2023-135

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx4m-q293-ckhj

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2023.7.22

Package Instance