Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/py3-urllib3@1.26.4-r0?arch=x86&distroversion=v3.23&reponame=main

Type apk

Namespace alpine

Name py3-urllib3

Version 1.26.4-r0

Qualifiers

arch	x86
distroversion	v3.23
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.26.17-r0

Latest_non_vulnerable_version 2.6.3-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-pu6r-vafw-gfe4

vulnerability_id VCID-pu6r-vafw-gfe4

summary The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28363.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28363.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28363

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28825
published_at	2026-04-16T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28804
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28853
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28897
published_at	2026-04-11T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28891
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28851
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28783
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28976
published_at	2026-04-04T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28927
published_at	2026-04-02T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2885
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_url

https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15

reference_url

https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0

reference_url

https://github.com/urllib3/urllib3/commits/main

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commits/main

reference_url

https://github.com/urllib3/urllib3/releases/tag/1.26.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/releases/tag/1.26.4

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28363

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28363

reference_url

https://pypi.org/project/urllib3/1.26.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/urllib3/1.26.4

reference_url	https://pypi.org/project/urllib3/1.26.4/
reference_id
reference_type
scores
url	https://pypi.org/project/urllib3/1.26.4/

reference_url

https://security.gentoo.org/glsa/202107-36

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202107-36

reference_url

https://security.gentoo.org/glsa/202305-02

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202305-02

reference_url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1945136
reference_id	1945136
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1945136

reference_url

https://security.archlinux.org/AVG-1691

reference_id

AVG-1691

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1691

reference_url

https://github.com/advisories/GHSA-5phf-pp7p-vc2r

reference_id

GHSA-5phf-pp7p-vc2r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5phf-pp7p-vc2r

fixed_packages

url	pkg:apk/alpine/py3-urllib3@1.26.4-r0?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/py3-urllib3@1.26.4-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-urllib3@1.26.4-r0%3Farch=x86&distroversion=v3.23&reponame=main

aliases CVE-2021-28363, GHSA-5phf-pp7p-vc2r, PYSEC-2021-59

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pu6r-vafw-gfe4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-urllib3@1.26.4-r0%3Farch=x86&distroversion=v3.23&reponame=main

Package Instance