Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mayan-edms@4.7.9
Typepypi
Namespace
Namemayan-edms
Version4.7.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.10.2
Latest_non_vulnerable_version4.10.2
Affected_by_vulnerabilities
0
url VCID-92gn-k1jm-47fe
vulnerability_id VCID-92gn-k1jm-47fe
summary A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
references
0
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
1
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
2
reference_url https://github.com/ionutluca888/Mayan-EDMS-XSS-POC
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/ionutluca888/Mayan-EDMS-XSS-POC
3
reference_url https://github.com/mayan-edms/Mayan-EDMS
reference_id
reference_type
scores
url https://github.com/mayan-edms/Mayan-EDMS
4
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
7
reference_url https://vuldb.com/?ctiid.336409
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://vuldb.com/?ctiid.336409
8
reference_url https://vuldb.com/?id.336409
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://vuldb.com/?id.336409
9
reference_url https://vuldb.com/?submit.711713
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://vuldb.com/?submit.711713
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14691
reference_id CVE-2025-14691
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-14691
11
reference_url https://github.com/advisories/GHSA-774q-r975-vqwp
reference_id GHSA-774q-r975-vqwp
reference_type
scores
url https://github.com/advisories/GHSA-774q-r975-vqwp
fixed_packages
0
url pkg:pypi/mayan-edms@4.8.10
purl pkg:pypi/mayan-edms@4.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.8.10
1
url pkg:pypi/mayan-edms@4.9.7
purl pkg:pypi/mayan-edms@4.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.9.7
2
url pkg:pypi/mayan-edms@4.10.2
purl pkg:pypi/mayan-edms@4.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.10.2
aliases CVE-2025-14691, GHSA-774q-r975-vqwp, PYSEC-2025-134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92gn-k1jm-47fe
1
url VCID-mynh-sahb-2be8
vulnerability_id VCID-mynh-sahb-2be8
summary A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
references
0
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
1
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
2
reference_url https://github.com/ionutluca888/Mayan-EDMS-OpenRedirect-POC/tree/main
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/ionutluca888/Mayan-EDMS-OpenRedirect-POC/tree/main
3
reference_url https://gitlab.com/mayan-edms/mayan-edms
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms
4
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
reference_id
reference_type
scores
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
7
reference_url https://vuldb.com/?ctiid.336410
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://vuldb.com/?ctiid.336410
8
reference_url https://vuldb.com/?id.336410
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://vuldb.com/?id.336410
9
reference_url https://vuldb.com/?submit.711729
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://vuldb.com/?submit.711729
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14692
reference_id CVE-2025-14692
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-14692
11
reference_url https://github.com/advisories/GHSA-x37w-7p52-8f49
reference_id GHSA-x37w-7p52-8f49
reference_type
scores
url https://github.com/advisories/GHSA-x37w-7p52-8f49
fixed_packages
0
url pkg:pypi/mayan-edms@4.8.10
purl pkg:pypi/mayan-edms@4.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.8.10
1
url pkg:pypi/mayan-edms@4.9.7
purl pkg:pypi/mayan-edms@4.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.9.7
2
url pkg:pypi/mayan-edms@4.10.2
purl pkg:pypi/mayan-edms@4.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.10.2
aliases CVE-2025-14692, GHSA-x37w-7p52-8f49, PYSEC-2025-135
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mynh-sahb-2be8
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.7.9