Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.grails/grails-core@2.1.0
Type maven
Namespace org.grails
Name grails-core
Version 2.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.3.17
Latest_non_vulnerable_version 6.1.0
Affected_by_vulnerabilities
0
url VCID-fbhx-m96w-6ycw
vulnerability_id VCID-fbhx-m96w-6ycw
summary
MITM vulnerability
Grails uses cleartext HTTP to resolve the SDKMan notification service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12728
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35412
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12728
1
reference_url https://github.com/grails/grails-core/issues/11250
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grails/grails-core/issues/11250
2
reference_url https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12728
reference_id CVE-2019-12728
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12728
fixed_packages
0
url pkg:maven/org.grails/grails-core@3.3.10
purl pkg:maven/org.grails/grails-core@3.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6qs8-wphx-nuh8
1
vulnerability VCID-y7pe-611b-y3by
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.10
aliases CVE-2019-12728, GHSA-pmxf-4v8c-rwr7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbhx-m96w-6ycw
1
url VCID-km5j-a2bt-hfhq
vulnerability_id VCID-km5j-a2bt-hfhq
summary
Stored Cross Site Scripting in Grails Fields Plugin
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in using the display tag that can result in XSS. This vulnerability has been fixed in version 2.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000529
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.5728
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000529
1
reference_url https://github.com/grails-fields-plugin/grails-fields
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails-fields-plugin/grails-fields
2
reference_url https://github.com/grails-fields-plugin/grails-fields/issues/278
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails-fields-plugin/grails-fields/issues/278
3
reference_url https://github.com/martinfrancois/CVE-2018-1000529
reference_id CVE-2018-1000529
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/martinfrancois/CVE-2018-1000529
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000529
reference_id CVE-2018-1000529
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000529
5
reference_url https://github.com/advisories/GHSA-q25j-gcmv-5qpp
reference_id GHSA-q25j-gcmv-5qpp
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q25j-gcmv-5qpp
fixed_packages
0
url pkg:maven/org.grails/grails-core@3.3.6
purl pkg:maven/org.grails/grails-core@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.6
1
url pkg:maven/org.grails/grails-core@3.3.10
purl pkg:maven/org.grails/grails-core@3.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6qs8-wphx-nuh8
1
vulnerability VCID-y7pe-611b-y3by
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.10
aliases CVE-2018-1000529, GHSA-q25j-gcmv-5qpp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-km5j-a2bt-hfhq
2
url VCID-q12x-zezy-6qg9
vulnerability_id VCID-q12x-zezy-6qg9
summary
Information disclosure
The default configuration of the Resources plugin does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0053
reference_id
reference_type
scores
0
value 0.0069
scoring_system epss
scoring_elements 0.72115
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0053
1
reference_url https://grails.org/version/2.3.7%20Release%20Notes/9
reference_id
reference_type
scores
url https://grails.org/version/2.3.7%20Release%20Notes/9
2
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0053
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0053
3
reference_url http://www.pivotal.io/security/cve-2014-0053
reference_id CVE-2014-0053
reference_type
scores
url http://www.pivotal.io/security/cve-2014-0053
fixed_packages
0
url pkg:maven/org.grails/grails-core@2.3.7
purl pkg:maven/org.grails/grails-core@2.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fbhx-m96w-6ycw
1
vulnerability VCID-km5j-a2bt-hfhq
2
vulnerability VCID-y7pe-611b-y3by
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.3.7
aliases CVE-2014-0053
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q12x-zezy-6qg9
3
url VCID-y7pe-611b-y3by
vulnerability_id VCID-y7pe-611b-y3by
summary
Uncontrolled Resource Consumption
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46131
reference_id
reference_type
scores
0
value 0.00544
scoring_system epss
scoring_elements 0.68069
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46131
1
reference_url https://github.com/grails/grails-core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails/grails-core
2
reference_url https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60
3
reference_url https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3
4
reference_url https://github.com/grails/grails-core/issues/13302
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails/grails-core/issues/13302
5
reference_url https://grails.org/blog/2023-12-20-cve-data-binding-dos.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://grails.org/blog/2023-12-20-cve-data-binding-dos.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46131
reference_id CVE-2023-46131
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46131
7
reference_url https://github.com/advisories/GHSA-3pjv-r7w4-2cf5
reference_id GHSA-3pjv-r7w4-2cf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3pjv-r7w4-2cf5
8
reference_url https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5
reference_id GHSA-3pjv-r7w4-2cf5
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5
fixed_packages
0
url pkg:maven/org.grails/grails-core@3.3.17
purl pkg:maven/org.grails/grails-core@3.3.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@3.3.17
1
url pkg:maven/org.grails/grails-core@4.1.3
purl pkg:maven/org.grails/grails-core@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@4.1.3
2
url pkg:maven/org.grails/grails-core@5.3.4
purl pkg:maven/org.grails/grails-core@5.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@5.3.4
3
url pkg:maven/org.grails/grails-core@6.1.0
purl pkg:maven/org.grails/grails-core@6.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@6.1.0
aliases CVE-2023-46131, GHSA-3pjv-r7w4-2cf5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7pe-611b-y3by
Fixing_vulnerabilities
0
url VCID-p1x6-tbtm-kueg
vulnerability_id VCID-p1x6-tbtm-kueg
summary
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6521
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.52251
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6521
1
reference_url https://github.com/sheehan/grails-console/issues/54
reference_id
reference_type
scores
url https://github.com/sheehan/grails-console/issues/54
2
reference_url https://github.com/sheehan/grails-console/issues/55
reference_id
reference_type
scores
url https://github.com/sheehan/grails-console/issues/55
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6521
reference_id CVE-2016-6521
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-6521
fixed_packages
0
url pkg:maven/org.grails/grails-core@2.0.1
purl pkg:maven/org.grails/grails-core@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fbhx-m96w-6ycw
1
vulnerability VCID-km5j-a2bt-hfhq
2
vulnerability VCID-q12x-zezy-6qg9
3
vulnerability VCID-y7pe-611b-y3by
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.0.1
1
url pkg:maven/org.grails/grails-core@2.1.0
purl pkg:maven/org.grails/grails-core@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fbhx-m96w-6ycw
1
vulnerability VCID-km5j-a2bt-hfhq
2
vulnerability VCID-q12x-zezy-6qg9
3
vulnerability VCID-y7pe-611b-y3by
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.1.0
aliases CVE-2016-6521
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1x6-tbtm-kueg
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.grails/grails-core@2.1.0