Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/apache@2.4.47-1
Typealpm
Namespacearchlinux
Nameapache
Version2.4.47-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.51-1
Latest_non_vulnerable_version2.4.55-1
Affected_by_vulnerabilities
0
url VCID-6b7y-562y-suce
vulnerability_id VCID-6b7y-562y-suce
summary 
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.

This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.

This issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31618
reference_id
reference_type
scores
0
value 0.11001
scoring_system epss
scoring_elements 0.93456
published_at 2026-04-21T12:55:00Z
1
value 0.11001
scoring_system epss
scoring_elements 0.934
published_at 2026-04-02T12:55:00Z
2
value 0.11001
scoring_system epss
scoring_elements 0.93416
published_at 2026-04-08T12:55:00Z
3
value 0.11001
scoring_system epss
scoring_elements 0.93392
published_at 2026-04-01T12:55:00Z
4
value 0.11001
scoring_system epss
scoring_elements 0.93408
published_at 2026-04-07T12:55:00Z
5
value 0.11001
scoring_system epss
scoring_elements 0.9345
published_at 2026-04-18T12:55:00Z
6
value 0.11001
scoring_system epss
scoring_elements 0.93445
published_at 2026-04-16T12:55:00Z
7
value 0.11001
scoring_system epss
scoring_elements 0.93424
published_at 2026-04-12T12:55:00Z
8
value 0.11001
scoring_system epss
scoring_elements 0.93425
published_at 2026-04-13T12:55:00Z
9
value 0.11001
scoring_system epss
scoring_elements 0.93419
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31618
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1968013
reference_id 1968013
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1968013
9
reference_url http://www.openwall.com/lists/oss-security/2024/03/13/2
reference_id 2
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url http://www.openwall.com/lists/oss-security/2024/03/13/2
10
reference_url https://seclists.org/oss-sec/2021/q2/206
reference_id 206
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://seclists.org/oss-sec/2021/q2/206
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/
reference_id 2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/
12
reference_url http://www.openwall.com/lists/oss-security/2021/06/10/9
reference_id 9
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url http://www.openwall.com/lists/oss-security/2021/06/10/9
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562
reference_id 989562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/
reference_id A73QJ4HPUMU26I6EULG6SCK67TUEXZYR
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/
15
reference_url https://security.archlinux.org/ASA-202106-23
reference_id ASA-202106-23
reference_type
scores
url https://security.archlinux.org/ASA-202106-23
16
reference_url https://security.archlinux.org/AVG-2041
reference_id AVG-2041
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2041
17
reference_url https://httpd.apache.org/security/json/CVE-2021-31618.json
reference_id CVE-2021-31618
reference_type
scores
0
value important
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-31618.json
18
reference_url https://www.debian.org/security/2021/dsa-4937
reference_id dsa-4937
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://www.debian.org/security/2021/dsa-4937
19
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://security.gentoo.org/glsa/202107-38
20
reference_url https://security.netapp.com/advisory/ntap-20210727-0008/
reference_id ntap-20210727-0008
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://security.netapp.com/advisory/ntap-20210727-0008/
21
reference_url https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E
reference_id r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E
reference_id r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/
url https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.48-1
purl pkg:alpm/archlinux/apache@2.4.48-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1
aliases CVE-2021-31618
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce
Fixing_vulnerabilities
0
url VCID-17hy-4ppt-xyhw
vulnerability_id VCID-17hy-4ppt-xyhw
summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26691
reference_id
reference_type
scores
0
value 0.40357
scoring_system epss
scoring_elements 0.97325
published_at 2026-04-01T12:55:00Z
1
value 0.40357
scoring_system epss
scoring_elements 0.9736
published_at 2026-04-21T12:55:00Z
2
value 0.40357
scoring_system epss
scoring_elements 0.97348
published_at 2026-04-13T12:55:00Z
3
value 0.40357
scoring_system epss
scoring_elements 0.97356
published_at 2026-04-16T12:55:00Z
4
value 0.40357
scoring_system epss
scoring_elements 0.97359
published_at 2026-04-18T12:55:00Z
5
value 0.40357
scoring_system epss
scoring_elements 0.97332
published_at 2026-04-02T12:55:00Z
6
value 0.40357
scoring_system epss
scoring_elements 0.97336
published_at 2026-04-07T12:55:00Z
7
value 0.40357
scoring_system epss
scoring_elements 0.97343
published_at 2026-04-08T12:55:00Z
8
value 0.40357
scoring_system epss
scoring_elements 0.97344
published_at 2026-04-09T12:55:00Z
9
value 0.40357
scoring_system epss
scoring_elements 0.97346
published_at 2026-04-11T12:55:00Z
10
value 0.40357
scoring_system epss
scoring_elements 0.97347
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26691
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966732
reference_id 1966732
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966732
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2021-26691.json
reference_id CVE-2021-26691
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-26691.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:3816
reference_id RHSA-2021:3816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3816
13
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
14
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
15
reference_url https://access.redhat.com/errata/RHSA-2022:0143
reference_id RHSA-2022:0143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0143
16
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
17
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2021-26691
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw
1
url VCID-66k7-maf9-dfcd
vulnerability_id VCID-66k7-maf9-dfcd
summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35452
reference_id
reference_type
scores
0
value 0.10695
scoring_system epss
scoring_elements 0.93289
published_at 2026-04-01T12:55:00Z
1
value 0.10695
scoring_system epss
scoring_elements 0.93349
published_at 2026-04-21T12:55:00Z
2
value 0.10695
scoring_system epss
scoring_elements 0.93319
published_at 2026-04-13T12:55:00Z
3
value 0.10695
scoring_system epss
scoring_elements 0.93337
published_at 2026-04-16T12:55:00Z
4
value 0.10695
scoring_system epss
scoring_elements 0.93342
published_at 2026-04-18T12:55:00Z
5
value 0.10695
scoring_system epss
scoring_elements 0.93297
published_at 2026-04-02T12:55:00Z
6
value 0.10695
scoring_system epss
scoring_elements 0.93303
published_at 2026-04-04T12:55:00Z
7
value 0.10695
scoring_system epss
scoring_elements 0.93302
published_at 2026-04-07T12:55:00Z
8
value 0.10695
scoring_system epss
scoring_elements 0.93311
published_at 2026-04-08T12:55:00Z
9
value 0.10695
scoring_system epss
scoring_elements 0.93315
published_at 2026-04-09T12:55:00Z
10
value 0.10695
scoring_system epss
scoring_elements 0.9332
published_at 2026-04-11T12:55:00Z
11
value 0.10695
scoring_system epss
scoring_elements 0.93318
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35452
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966724
reference_id 1966724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966724
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2020-35452.json
reference_id CVE-2020-35452
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2020-35452.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
13
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
14
reference_url https://access.redhat.com/errata/RHSA-2022:1915
reference_id RHSA-2022:1915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1915
15
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
16
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2020-35452
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd
2
url VCID-91u7-vh6n-v7fm
vulnerability_id VCID-91u7-vh6n-v7fm
summary Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13938
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21778
published_at 2026-04-01T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21782
published_at 2026-04-21T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21811
published_at 2026-04-16T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21818
published_at 2026-04-18T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21943
published_at 2026-04-02T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21997
published_at 2026-04-04T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21761
published_at 2026-04-07T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.21839
published_at 2026-04-08T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21894
published_at 2026-04-09T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21906
published_at 2026-04-11T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21866
published_at 2026-04-12T12:55:00Z
11
value 0.00071
scoring_system epss
scoring_elements 0.21808
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13938
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1970006
reference_id 1970006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1970006
3
reference_url https://security.archlinux.org/AVG-2054
reference_id AVG-2054
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2054
4
reference_url https://httpd.apache.org/security/json/CVE-2020-13938.json
reference_id CVE-2020-13938
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2020-13938.json
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2020-13938
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm
3
url VCID-9ych-ybpr-j3h6
vulnerability_id VCID-9ych-ybpr-j3h6
summary Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13950
reference_id
reference_type
scores
0
value 0.21543
scoring_system epss
scoring_elements 0.95684
published_at 2026-04-01T12:55:00Z
1
value 0.21543
scoring_system epss
scoring_elements 0.95732
published_at 2026-04-21T12:55:00Z
2
value 0.21543
scoring_system epss
scoring_elements 0.95718
published_at 2026-04-13T12:55:00Z
3
value 0.21543
scoring_system epss
scoring_elements 0.95727
published_at 2026-04-16T12:55:00Z
4
value 0.21543
scoring_system epss
scoring_elements 0.95731
published_at 2026-04-18T12:55:00Z
5
value 0.21543
scoring_system epss
scoring_elements 0.95693
published_at 2026-04-02T12:55:00Z
6
value 0.21543
scoring_system epss
scoring_elements 0.95698
published_at 2026-04-04T12:55:00Z
7
value 0.21543
scoring_system epss
scoring_elements 0.95701
published_at 2026-04-07T12:55:00Z
8
value 0.21543
scoring_system epss
scoring_elements 0.9571
published_at 2026-04-08T12:55:00Z
9
value 0.21543
scoring_system epss
scoring_elements 0.95714
published_at 2026-04-09T12:55:00Z
10
value 0.21543
scoring_system epss
scoring_elements 0.95717
published_at 2026-04-11T12:55:00Z
11
value 0.21543
scoring_system epss
scoring_elements 0.95716
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13950
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966738
reference_id 1966738
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966738
5
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
6
reference_url https://httpd.apache.org/security/json/CVE-2020-13950.json
reference_id CVE-2020-13950
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2020-13950.json
7
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
8
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
9
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
10
reference_url https://access.redhat.com/errata/RHSA-2022:5163
reference_id RHSA-2022:5163
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5163
11
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2020-13950
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6
4
url VCID-bvkg-nrwd-e7g8
vulnerability_id VCID-bvkg-nrwd-e7g8
summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26690
reference_id
reference_type
scores
0
value 0.70379
scoring_system epss
scoring_elements 0.98675
published_at 2026-04-02T12:55:00Z
1
value 0.70379
scoring_system epss
scoring_elements 0.98691
published_at 2026-04-21T12:55:00Z
2
value 0.70379
scoring_system epss
scoring_elements 0.98685
published_at 2026-04-12T12:55:00Z
3
value 0.70379
scoring_system epss
scoring_elements 0.98687
published_at 2026-04-13T12:55:00Z
4
value 0.70379
scoring_system epss
scoring_elements 0.98689
published_at 2026-04-16T12:55:00Z
5
value 0.70379
scoring_system epss
scoring_elements 0.98678
published_at 2026-04-04T12:55:00Z
6
value 0.70379
scoring_system epss
scoring_elements 0.98681
published_at 2026-04-07T12:55:00Z
7
value 0.70379
scoring_system epss
scoring_elements 0.98682
published_at 2026-04-08T12:55:00Z
8
value 0.70379
scoring_system epss
scoring_elements 0.98683
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26690
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966729
reference_id 1966729
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966729
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2021-26690.json
reference_id CVE-2021-26690
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-26690.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:4257
reference_id RHSA-2021:4257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4257
13
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
14
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
15
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
16
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2021-26690
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8
5
url VCID-f2y3-s6j8-7ygr
vulnerability_id VCID-f2y3-s6j8-7ygr
summary Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17567
reference_id
reference_type
scores
0
value 0.12438
scoring_system epss
scoring_elements 0.93865
published_at 2026-04-01T12:55:00Z
1
value 0.12438
scoring_system epss
scoring_elements 0.9393
published_at 2026-04-21T12:55:00Z
2
value 0.12438
scoring_system epss
scoring_elements 0.93903
published_at 2026-04-12T12:55:00Z
3
value 0.12438
scoring_system epss
scoring_elements 0.93924
published_at 2026-04-16T12:55:00Z
4
value 0.12438
scoring_system epss
scoring_elements 0.93929
published_at 2026-04-18T12:55:00Z
5
value 0.12438
scoring_system epss
scoring_elements 0.93874
published_at 2026-04-02T12:55:00Z
6
value 0.12438
scoring_system epss
scoring_elements 0.93883
published_at 2026-04-04T12:55:00Z
7
value 0.12438
scoring_system epss
scoring_elements 0.93886
published_at 2026-04-07T12:55:00Z
8
value 0.12438
scoring_system epss
scoring_elements 0.93895
published_at 2026-04-08T12:55:00Z
9
value 0.12438
scoring_system epss
scoring_elements 0.93898
published_at 2026-04-09T12:55:00Z
10
value 0.12438
scoring_system epss
scoring_elements 0.93902
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17567
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966740
reference_id 1966740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966740
5
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
6
reference_url https://httpd.apache.org/security/json/CVE-2019-17567.json
reference_id CVE-2019-17567
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2019-17567.json
7
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
8
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
9
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2019-17567
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr
6
url VCID-g6xr-qtwz-2yaq
vulnerability_id VCID-g6xr-qtwz-2yaq
summary Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30641
reference_id
reference_type
scores
0
value 0.36362
scoring_system epss
scoring_elements 0.97082
published_at 2026-04-01T12:55:00Z
1
value 0.36362
scoring_system epss
scoring_elements 0.97127
published_at 2026-04-21T12:55:00Z
2
value 0.36362
scoring_system epss
scoring_elements 0.97111
published_at 2026-04-13T12:55:00Z
3
value 0.36362
scoring_system epss
scoring_elements 0.97119
published_at 2026-04-16T12:55:00Z
4
value 0.36362
scoring_system epss
scoring_elements 0.97122
published_at 2026-04-18T12:55:00Z
5
value 0.36362
scoring_system epss
scoring_elements 0.97089
published_at 2026-04-02T12:55:00Z
6
value 0.36362
scoring_system epss
scoring_elements 0.97094
published_at 2026-04-04T12:55:00Z
7
value 0.36362
scoring_system epss
scoring_elements 0.97095
published_at 2026-04-07T12:55:00Z
8
value 0.36362
scoring_system epss
scoring_elements 0.97105
published_at 2026-04-09T12:55:00Z
9
value 0.36362
scoring_system epss
scoring_elements 0.97109
published_at 2026-04-11T12:55:00Z
10
value 0.36362
scoring_system epss
scoring_elements 0.9711
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966743
reference_id 1966743
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966743
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2021-30641.json
reference_id CVE-2021-30641
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-30641.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:4257
reference_id RHSA-2021:4257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4257
13
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
14
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
15
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
16
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:alpm/archlinux/apache@2.4.47-1
purl pkg:alpm/archlinux/apache@2.4.47-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b7y-562y-suce
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
aliases CVE-2021-30641
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1