Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
Typeapk
Namespacealpine
Namecurl
Version0
Qualifiers
arch ppc64le
distroversion edge
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.36.0-r0
Latest_non_vulnerable_version8.19.0-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-d3s1-3qs7-2uhw
vulnerability_id VCID-d3s1-3qs7-2uhw
summary curl: Cipher settings shared for all connections when using schannel TLS backed
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22897.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22897.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22897
reference_id
reference_type
scores
0
value 0.00791
scoring_system epss
scoring_elements 0.73845
published_at 2026-04-01T12:55:00Z
1
value 0.00791
scoring_system epss
scoring_elements 0.73936
published_at 2026-04-16T12:55:00Z
2
value 0.00791
scoring_system epss
scoring_elements 0.73903
published_at 2026-04-12T12:55:00Z
3
value 0.00791
scoring_system epss
scoring_elements 0.73894
published_at 2026-04-13T12:55:00Z
4
value 0.00791
scoring_system epss
scoring_elements 0.73855
published_at 2026-04-02T12:55:00Z
5
value 0.00791
scoring_system epss
scoring_elements 0.7388
published_at 2026-04-04T12:55:00Z
6
value 0.00791
scoring_system epss
scoring_elements 0.73851
published_at 2026-04-07T12:55:00Z
7
value 0.00791
scoring_system epss
scoring_elements 0.73886
published_at 2026-04-08T12:55:00Z
8
value 0.00791
scoring_system epss
scoring_elements 0.73899
published_at 2026-04-09T12:55:00Z
9
value 0.00791
scoring_system epss
scoring_elements 0.73921
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22897
2
reference_url https://curl.se/docs/CVE-2021-22897.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2021-22897.html
3
reference_url https://hackerone.com/reports/1172857
reference_id
reference_type
scores
url https://hackerone.com/reports/1172857
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1964904
reference_id 1964904
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1964904
5
reference_url https://security.archlinux.org/AVG-2016
reference_id AVG-2016
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2016
fixed_packages
0
url pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@0%3Farch=ppc64le&distroversion=edge&reponame=main
aliases CVE-2021-22897
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3s1-3qs7-2uhw
1
url VCID-kt4b-7ffh-4bch
vulnerability_id VCID-kt4b-7ffh-4bch
summary 
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`
with the curl tool,curl should check the public key of the server certificate
to verify the peer.

This check was skipped in a certain condition that would then make curl allow
the connection without performing the proper check, thus not noticing a
possible impostor. To skip this check, the connection had to be done with QUIC
with ngtcp2 built to use GnuTLS and the user had to explicitly disable the
standard certificate verification.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01204
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.012
published_at 2026-04-16T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.0122
published_at 2026-04-07T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01226
published_at 2026-04-08T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.0123
published_at 2026-04-09T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01213
published_at 2026-04-11T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01207
published_at 2026-04-12T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01209
published_at 2026-04-13T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01211
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
2
reference_url https://curl.se/docs/CVE-2025-13034.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
reference_id 2426406
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
5
reference_url https://curl.se/docs/CVE-2025-13034.json
reference_id CVE-2025-13034.json
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.json
6
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@0%3Farch=ppc64le&distroversion=edge&reponame=main
aliases CVE-2025-13034
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt4b-7ffh-4bch
2
url VCID-nvzd-v3bs-6qek
vulnerability_id VCID-nvzd-v3bs-6qek
summary When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15079
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10292
published_at 2026-04-02T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10237
published_at 2026-04-16T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10359
published_at 2026-04-04T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.1026
published_at 2026-04-07T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10333
published_at 2026-04-08T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10399
published_at 2026-04-09T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10428
published_at 2026-04-11T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10388
published_at 2026-04-12T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10366
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15079
2
reference_url https://curl.se/docs/CVE-2025-15079.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://curl.se/docs/CVE-2025-15079.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3477116
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://hackerone.com/reports/3477116
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426409
reference_id 2426409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426409
7
reference_url https://curl.se/docs/CVE-2025-15079.json
reference_id CVE-2025-15079.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://curl.se/docs/CVE-2025-15079.json
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
9
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@0%3Farch=ppc64le&distroversion=edge&reponame=main
aliases CVE-2025-15079
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvzd-v3bs-6qek
3
url VCID-vbbv-k1r7-kkas
vulnerability_id VCID-vbbv-k1r7-kkas
summary When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15224
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24629
published_at 2026-04-02T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24485
published_at 2026-04-16T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24667
published_at 2026-04-04T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24442
published_at 2026-04-07T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.2451
published_at 2026-04-08T12:55:00Z
5
value 0.00084
scoring_system epss
scoring_elements 0.24554
published_at 2026-04-09T12:55:00Z
6
value 0.00084
scoring_system epss
scoring_elements 0.2457
published_at 2026-04-11T12:55:00Z
7
value 0.00084
scoring_system epss
scoring_elements 0.24526
published_at 2026-04-12T12:55:00Z
8
value 0.00084
scoring_system epss
scoring_elements 0.2447
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15224
2
reference_url https://curl.se/docs/CVE-2025-15224.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://curl.se/docs/CVE-2025-15224.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3480925
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://hackerone.com/reports/3480925
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426410
reference_id 2426410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426410
7
reference_url https://curl.se/docs/CVE-2025-15224.json
reference_id CVE-2025-15224.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://curl.se/docs/CVE-2025-15224.json
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
9
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@0%3Farch=ppc64le&distroversion=edge&reponame=main
aliases CVE-2025-15224
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbbv-k1r7-kkas
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@0%3Farch=ppc64le&distroversion=edge&reponame=main