Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community

Type apk

Namespace alpine

Name hdf5

Version 1.12.1-r0

Qualifiers

arch	riscv64
distroversion	v3.23
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.12.2-r0

Latest_non_vulnerable_version 1.12.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4kz9-zrss-83bx

vulnerability_id VCID-4kz9-zrss-83bx

summary A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17435.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17435.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17435

reference_id

reference_type

scores

value	0.00752
scoring_system	epss
scoring_elements	0.73551
published_at	2026-06-04T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73587
published_at	2026-06-05T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73592
published_at	2026-06-06T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73578
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1634125
reference_id	1634125
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1634125

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2018-17435

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kz9-zrss-83bx

url VCID-c2d5-k2pu-m3ba

vulnerability_id VCID-c2d5-k2pu-m3ba

summary An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14033.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14033.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14033

reference_id

reference_type

scores

value	0.00546
scoring_system	epss
scoring_elements	0.68189
published_at	2026-06-04T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68228
published_at	2026-06-07T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68236
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14033

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1600982
reference_id	1600982
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1600982

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2018-14033

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2d5-k2pu-m3ba

url VCID-kpny-jvxd-h7df

vulnerability_id VCID-kpny-jvxd-h7df

summary An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13869.json

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13869.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13869

reference_id

reference_type

scores

value	0.00546
scoring_system	epss
scoring_elements	0.68189
published_at	2026-06-04T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68228
published_at	2026-06-07T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68236
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1601467
reference_id	1601467
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1601467

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2018-13869

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpny-jvxd-h7df

url VCID-nmw3-6t79-pubv

vulnerability_id VCID-nmw3-6t79-pubv

summary An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9151.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9151

reference_id

reference_type

scores

value	0.00396
scoring_system	epss
scoring_elements	0.60782
published_at	2026-06-04T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60832
published_at	2026-06-05T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60839
published_at	2026-06-06T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60827
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1684481
reference_id	1684481
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1684481

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2019-9151

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmw3-6t79-pubv

url VCID-p78p-43n3-yqgg

vulnerability_id VCID-p78p-43n3-yqgg

summary An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13870.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13870.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13870

reference_id

reference_type

scores

value	0.00546
scoring_system	epss
scoring_elements	0.68189
published_at	2026-06-04T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68228
published_at	2026-06-07T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68236
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13870

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1601468
reference_id	1601468
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1601468

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2018-13870

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p78p-43n3-yqgg

url VCID-pmtb-wxmw-2yh2

vulnerability_id VCID-pmtb-wxmw-2yh2

summary An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14460.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14460.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14460

reference_id

reference_type

scores

value	0.00546
scoring_system	epss
scoring_elements	0.68189
published_at	2026-06-04T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68228
published_at	2026-06-07T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68236
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14460

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1607608
reference_id	1607608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1607608

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2018-14460

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtb-wxmw-2yh2

url VCID-ua6h-y2bc-jqdy

vulnerability_id VCID-ua6h-y2bc-jqdy

summary

Out-of-bounds Read
An issue was discovered in HDF5. A heap-based buffer over-read exists in the function `H5O__layout_decode()` located in `H5Olayout.c`. It allows an attacker to cause Denial of Service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10811.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10811.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10811

reference_id

reference_type

scores

value	0.0043
scoring_system	epss
scoring_elements	0.62848
published_at	2026-06-04T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62891
published_at	2026-06-05T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.629
published_at	2026-06-06T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.6289
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10811

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1827478
reference_id	1827478
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1827478

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-10811
reference_id	CVE-2020-10811
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-10811

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2020-10811

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ua6h-y2bc-jqdy

url VCID-untx-ks69-4yc3

vulnerability_id VCID-untx-ks69-4yc3

summary An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11206.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11206.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11206

reference_id

reference_type

scores

value	0.00768
scoring_system	epss
scoring_elements	0.73848
published_at	2026-06-04T12:55:00Z

value	0.00768
scoring_system	epss
scoring_elements	0.73884
published_at	2026-06-05T12:55:00Z

value	0.00768
scoring_system	epss
scoring_elements	0.7389
published_at	2026-06-06T12:55:00Z

value	0.00768
scoring_system	epss
scoring_elements	0.73875
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11206

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1579960
reference_id	1579960
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1579960

fixed_packages

url	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/hdf5@1.12.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

aliases CVE-2018-11206

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-untx-ks69-4yc3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/hdf5@1.12.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

Package Instance