Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/vault@1.9.0-1
Typealpm
Namespacearchlinux
Namevault
Version1.9.0-1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4795-vxdy-w7g3
vulnerability_id VCID-4795-vxdy-w7g3
summary 
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43998
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.5143
published_at 2026-04-29T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51471
published_at 2026-04-09T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51514
published_at 2026-04-11T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51493
published_at 2026-04-12T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.5148
published_at 2026-04-13T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51523
published_at 2026-04-16T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51531
published_at 2026-04-18T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51509
published_at 2026-04-21T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51462
published_at 2026-04-24T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51469
published_at 2026-04-26T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51382
published_at 2026-04-01T12:55:00Z
11
value 0.00281
scoring_system epss
scoring_elements 0.51433
published_at 2026-04-02T12:55:00Z
12
value 0.00281
scoring_system epss
scoring_elements 0.5146
published_at 2026-04-04T12:55:00Z
13
value 0.00281
scoring_system epss
scoring_elements 0.51419
published_at 2026-04-07T12:55:00Z
14
value 0.00281
scoring_system epss
scoring_elements 0.51473
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43998
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132
3
reference_url https://github.com/hashicorp/vault
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43998
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43998
5
reference_url https://security.gentoo.org/glsa/202207-01
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202207-01
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2028193
reference_id 2028193
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2028193
7
reference_url https://security.archlinux.org/AVG-2294
reference_id AVG-2294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2294
8
reference_url https://access.redhat.com/errata/RHSA-2023:2138
reference_id RHSA-2023:2138
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2138
9
reference_url https://access.redhat.com/errata/RHSA-2023:3742
reference_id RHSA-2023:3742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3742
fixed_packages
0
url pkg:alpm/archlinux/vault@1.9.0-1
purl pkg:alpm/archlinux/vault@1.9.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.9.0-1
aliases CVE-2021-43998, GHSA-pfmw-vj74-ph8g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4795-vxdy-w7g3
1
url VCID-rk2n-tuu9-fbdc
vulnerability_id VCID-rk2n-tuu9-fbdc
summary 
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38553
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09388
published_at 2026-04-29T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09344
published_at 2026-04-08T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09393
published_at 2026-04-09T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09405
published_at 2026-04-21T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09376
published_at 2026-04-12T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09361
published_at 2026-04-13T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09254
published_at 2026-04-16T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09252
published_at 2026-04-18T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09461
published_at 2026-04-24T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.09427
published_at 2026-04-26T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.09304
published_at 2026-04-01T12:55:00Z
11
value 0.00032
scoring_system epss
scoring_elements 0.09305
published_at 2026-04-02T12:55:00Z
12
value 0.00032
scoring_system epss
scoring_elements 0.09355
published_at 2026-04-04T12:55:00Z
13
value 0.00032
scoring_system epss
scoring_elements 0.09268
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38553
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168
3
reference_url https://github.com/hashicorp/vault
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38553
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38553
5
reference_url https://security.gentoo.org/glsa/202207-01
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202207-01
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1995209
reference_id 1995209
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1995209
7
reference_url https://security.archlinux.org/AVG-2294
reference_id AVG-2294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2294
fixed_packages
0
url pkg:alpm/archlinux/vault@1.9.0-1
purl pkg:alpm/archlinux/vault@1.9.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.9.0-1
aliases CVE-2021-38553, GHSA-23fq-q7hc-993r
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk2n-tuu9-fbdc
2
url VCID-xerz-1x1v-uuap
vulnerability_id VCID-xerz-1x1v-uuap
summary 
Hashicorp Vault Privilege Escalation Vulnerability
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41802
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48681
published_at 2026-04-29T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48684
published_at 2026-04-07T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48739
published_at 2026-04-08T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48735
published_at 2026-04-13T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48753
published_at 2026-04-11T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48727
published_at 2026-04-12T12:55:00Z
6
value 0.00254
scoring_system epss
scoring_elements 0.48783
published_at 2026-04-16T12:55:00Z
7
value 0.00254
scoring_system epss
scoring_elements 0.48779
published_at 2026-04-18T12:55:00Z
8
value 0.00254
scoring_system epss
scoring_elements 0.48738
published_at 2026-04-21T12:55:00Z
9
value 0.00254
scoring_system epss
scoring_elements 0.48723
published_at 2026-04-24T12:55:00Z
10
value 0.00254
scoring_system epss
scoring_elements 0.48665
published_at 2026-04-01T12:55:00Z
11
value 0.00254
scoring_system epss
scoring_elements 0.48706
published_at 2026-04-02T12:55:00Z
12
value 0.00254
scoring_system epss
scoring_elements 0.48731
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41802
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation
3
reference_url https://github.com/hashicorp/vault
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41802
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41802
5
reference_url https://security.gentoo.org/glsa/202207-01
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202207-01
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2015915
reference_id 2015915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2015915
7
reference_url https://security.archlinux.org/AVG-2294
reference_id AVG-2294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2294
fixed_packages
0
url pkg:alpm/archlinux/vault@1.9.0-1
purl pkg:alpm/archlinux/vault@1.9.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.9.0-1
aliases CVE-2021-41802, GHSA-qv95-g3gm-x542
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xerz-1x1v-uuap
3
url VCID-xk9c-q66v-3kcx
vulnerability_id VCID-xk9c-q66v-3kcx
summary 
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38554
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54179
published_at 2026-04-29T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54119
published_at 2026-04-01T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54136
published_at 2026-04-02T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54166
published_at 2026-04-04T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54141
published_at 2026-04-07T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54193
published_at 2026-04-08T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54189
published_at 2026-04-24T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54239
published_at 2026-04-16T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54221
published_at 2026-04-12T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.542
published_at 2026-04-13T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.54242
published_at 2026-04-18T12:55:00Z
11
value 0.0031
scoring_system epss
scoring_elements 0.54224
published_at 2026-04-21T12:55:00Z
12
value 0.0031
scoring_system epss
scoring_elements 0.54203
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38554
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
3
reference_url https://github.com/hashicorp/vault
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault
4
reference_url https://github.com/hashicorp/vault/releases/tag/v1.6.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault/releases/tag/v1.6.6
5
reference_url https://github.com/hashicorp/vault/releases/tag/v1.7.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault/releases/tag/v1.7.4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38554
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38554
7
reference_url https://security.gentoo.org/glsa/202207-01
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202207-01
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1995207
reference_id 1995207
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1995207
9
reference_url https://security.archlinux.org/AVG-2294
reference_id AVG-2294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2294
fixed_packages
0
url pkg:alpm/archlinux/vault@1.9.0-1
purl pkg:alpm/archlinux/vault@1.9.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.9.0-1
aliases CVE-2021-38554, GHSA-6239-28c2-9mrm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk9c-q66v-3kcx
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.9.0-1