Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/mbedtls@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=main
Typeapk
Namespacealpine
Namembedtls
Version3.6.3-r0
Qualifiers
arch armv7
distroversion v3.20
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.6.4-r0
Latest_non_vulnerable_version3.6.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-gvkn-6e2m-dyez
vulnerability_id VCID-gvkn-6e2m-dyez
summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27809
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.23595
published_at 2026-04-24T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23741
published_at 2026-04-16T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23729
published_at 2026-04-18T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.23706
published_at 2026-04-21T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.23872
published_at 2026-04-02T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23912
published_at 2026-04-04T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23701
published_at 2026-04-07T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.23771
published_at 2026-04-08T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.23818
published_at 2026-04-09T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.23832
published_at 2026-04-11T12:55:00Z
10
value 0.00081
scoring_system epss
scoring_elements 0.23788
published_at 2026-04-12T12:55:00Z
11
value 0.00081
scoring_system epss
scoring_elements 0.23731
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27809
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id 1101499
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
reference_id mbedtls-security-advisory-2025-03-1
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
4
reference_url https://github.com/Mbed-TLS/mbedtls/releases
reference_id releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/
url https://github.com/Mbed-TLS/mbedtls/releases
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.3-r0%3Farch=armv7&distroversion=v3.20&reponame=main
aliases CVE-2025-27809
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvkn-6e2m-dyez
1
url VCID-kchn-2wez-bbb2
vulnerability_id VCID-kchn-2wez-bbb2
summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27810
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.26951
published_at 2026-04-24T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.2706
published_at 2026-04-16T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27035
published_at 2026-04-18T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.26997
published_at 2026-04-21T12:55:00Z
4
value 0.00099
scoring_system epss
scoring_elements 0.27203
published_at 2026-04-02T12:55:00Z
5
value 0.00099
scoring_system epss
scoring_elements 0.27239
published_at 2026-04-04T12:55:00Z
6
value 0.00099
scoring_system epss
scoring_elements 0.27032
published_at 2026-04-07T12:55:00Z
7
value 0.00099
scoring_system epss
scoring_elements 0.27101
published_at 2026-04-08T12:55:00Z
8
value 0.00099
scoring_system epss
scoring_elements 0.27147
published_at 2026-04-09T12:55:00Z
9
value 0.00099
scoring_system epss
scoring_elements 0.27153
published_at 2026-04-11T12:55:00Z
10
value 0.00099
scoring_system epss
scoring_elements 0.27109
published_at 2026-04-12T12:55:00Z
11
value 0.00099
scoring_system epss
scoring_elements 0.27051
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27810
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id 1101499
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
reference_id mbedtls-security-advisory-2025-03-2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
4
reference_url https://github.com/Mbed-TLS/mbedtls/releases
reference_id releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/
url https://github.com/Mbed-TLS/mbedtls/releases
5
reference_url https://usn.ubuntu.com/8123-1/
reference_id USN-8123-1
reference_type
scores
url https://usn.ubuntu.com/8123-1/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.3-r0%3Farch=armv7&distroversion=v3.20&reponame=main
aliases CVE-2025-27810
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kchn-2wez-bbb2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.3-r0%3Farch=armv7&distroversion=v3.20&reponame=main