Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/botan@2.5.0-r0?arch=aarch64&distroversion=v3.20&reponame=main
Type apk
Namespace alpine
Name botan
Version 2.5.0-r0
Qualifiers
arch aarch64
distroversion v3.20
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.6.0-r0
Latest_non_vulnerable_version 2.19.5-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-wqt2-m3gv-6fgk
vulnerability_id VCID-wqt2-m3gv-6fgk
summary Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9127
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.3933
published_at 2026-04-01T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39492
published_at 2026-04-02T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.39515
published_at 2026-04-04T12:55:00Z
3
value 0.00179
scoring_system epss
scoring_elements 0.39429
published_at 2026-04-07T12:55:00Z
4
value 0.00179
scoring_system epss
scoring_elements 0.39485
published_at 2026-04-08T12:55:00Z
5
value 0.00179
scoring_system epss
scoring_elements 0.395
published_at 2026-04-09T12:55:00Z
6
value 0.00179
scoring_system epss
scoring_elements 0.39511
published_at 2026-04-11T12:55:00Z
7
value 0.00179
scoring_system epss
scoring_elements 0.39472
published_at 2026-04-12T12:55:00Z
8
value 0.00179
scoring_system epss
scoring_elements 0.39455
published_at 2026-04-13T12:55:00Z
9
value 0.00179
scoring_system epss
scoring_elements 0.39507
published_at 2026-04-16T12:55:00Z
10
value 0.00179
scoring_system epss
scoring_elements 0.39478
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9127
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9127
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9127
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894648
reference_id 894648
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894648
fixed_packages
0
url pkg:apk/alpine/botan@2.5.0-r0?arch=aarch64&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/botan@2.5.0-r0?arch=aarch64&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/botan@2.5.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=main
aliases CVE-2018-9127
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqt2-m3gv-6fgk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/botan@2.5.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=main