Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionview@3.0.0

Type gem

Namespace

Name actionview

Version 3.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.2.3.1

Latest_non_vulnerable_version 8.1.2.1

Affected_by_vulnerabilities

url VCID-fj3n-g8wp-bbaj

vulnerability_id VCID-fj3n-g8wp-bbaj

summary

Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_id

reference_type

scores

value	0.01626
scoring_system	epss
scoring_elements	0.82202
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url

http://www.debian.org/security/2016/dsa-3651

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3651

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365008
reference_id	1365008
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
reference_id	834155
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

reference_url	https://access.redhat.com/errata/RHSA-2016:1856
reference_id	RHSA-2016:1856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1856

reference_url	https://access.redhat.com/errata/RHSA-2016:1857
reference_id	RHSA-2016:1857
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1857

reference_url	https://access.redhat.com/errata/RHSA-2016:1858
reference_id	RHSA-2016:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1858

fixed_packages

url	pkg:gem/actionview@3.2.22.3
purl	pkg:gem/actionview@3.2.22.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.2.22.3

url pkg:gem/actionview@4.2.7.1

purl pkg:gem/actionview@4.2.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xc5-88jj-yya5

vulnerability	VCID-fs3e-5muq-5qas

vulnerability	VCID-mz5z-rp6w-hqf3

vulnerability	VCID-nd1r-p5cw-8kcz

vulnerability	VCID-qs1d-fexs-dfek

vulnerability	VCID-vh4s-n814-g7dr

vulnerability	VCID-ygbt-c5f8-byfc

vulnerability	VCID-z21g-8h32-yyf6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.7.1

url pkg:gem/actionview@5.0.0.1

purl pkg:gem/actionview@5.0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xc5-88jj-yya5

vulnerability	VCID-fs3e-5muq-5qas

vulnerability	VCID-mz5z-rp6w-hqf3

vulnerability	VCID-nd1r-p5cw-8kcz

vulnerability	VCID-qs1d-fexs-dfek

vulnerability	VCID-vh4s-n814-g7dr

vulnerability	VCID-ygbt-c5f8-byfc

vulnerability	VCID-z21g-8h32-yyf6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.0.1

aliases CVE-2016-6316, GHSA-pc3m-v286-2jwj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fj3n-g8wp-bbaj

url VCID-z21g-8h32-yyf6

vulnerability_id VCID-z21g-8h32-yyf6

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0446

reference_id

reference_type

scores

value	0.0067
scoring_system	epss
scoring_elements	0.71743
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0446

reference_url	http://secunia.com/advisories/43274
reference_id
reference_type
scores
url	http://secunia.com/advisories/43274

reference_url	http://secunia.com/advisories/43666
reference_id
reference_type
scores
url	http://secunia.com/advisories/43666

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217

reference_url

https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2

reference_url

https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666

reference_url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_url

https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064

reference_url

http://www.debian.org/security/2011/dsa-2247

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2247

reference_url	http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/46291

reference_url	http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1025064

reference_url	http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0587

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id	614864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0446

reference_id

CVE-2011-0446

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0446

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml

reference_id

CVE-2011-0446.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml

reference_id

CVE-2011-0446.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml

reference_url	https://github.com/advisories/GHSA-75w6-p6mg-vh8j
reference_id	GHSA-75w6-p6mg-vh8j
reference_type
scores
url	https://github.com/advisories/GHSA-75w6-p6mg-vh8j

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:gem/actionview@3.0.4
purl	pkg:gem/actionview@3.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.0.4

aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z21g-8h32-yyf6

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.0.0

Package Instance