Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/lnbits@0.12.8
Type pypi
Namespace
Name lnbits
Version 0.12.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-67ee-6hu6-mue1
vulnerability_id VCID-67ee-6hu6-mue1
summary LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources.
references
0
reference_url https://github.com/lnbits/lnbits
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/lnbits/lnbits
1
reference_url https://github.com/lnbits/lnbits/security/advisories/GHSA-qp8j-p87f-c8cc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/lnbits/lnbits/security/advisories/GHSA-qp8j-p87f-c8cc
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/lnbits/PYSEC-2025-16.yaml
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/lnbits/PYSEC-2025-16.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32013
reference_id CVE-2025-32013
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32013
4
reference_url https://github.com/advisories/GHSA-qp8j-p87f-c8cc
reference_id GHSA-qp8j-p87f-c8cc
reference_type
scores
url https://github.com/advisories/GHSA-qp8j-p87f-c8cc
fixed_packages
0
url pkg:pypi/lnbits@0.12.12
purl pkg:pypi/lnbits@0.12.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67ee-6hu6-mue1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/lnbits@0.12.12
aliases CVE-2025-32013, GHSA-qp8j-p87f-c8cc, PYSEC-2025-16
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67ee-6hu6-mue1
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/lnbits@0.12.8