Look up vulnerable packages by Package URL.

Purl pkg:pypi/roundup@0.7.12
Type pypi
Namespace
Name roundup
Version 0.7.12
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.4.5
Latest_non_vulnerable_version 2.5.0
Affected_by_vulnerabilities
0
url VCID-3tr4-c65w-fbay
vulnerability_id VCID-3tr4-c65w-fbay
summary Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6132
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49124
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6132
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
3
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
4
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6132, PYSEC-2014-96
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tr4-c65w-fbay
1
url VCID-bqn7-yjp5-6yf6
vulnerability_id VCID-bqn7-yjp5-6yf6
summary Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
references
0
reference_url http://issues.roundup-tracker.org/issue2550724
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550724
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6133
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.65346
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6133
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
3
reference_url https://github.com/advisories/GHSA-5jq3-8437-x35p
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5jq3-8437-x35p
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2020-212.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2020-212.yaml
5
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
6
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
7
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6133
reference_id CVE-2012-6133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6133
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6133, GHSA-5jq3-8437-x35p, PYSEC-2020-212
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqn7-yjp5-6yf6
2
url VCID-csmv-58s1-5bde
vulnerability_id VCID-csmv-58s1-5bde
summary Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
references
0
reference_url https://bugs.python.org/issue36391
reference_id
reference_type
scores
url https://bugs.python.org/issue36391
1
reference_url https://github.com/advisories/GHSA-926q-wxr6-3crq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-926q-wxr6-3crq
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
3
reference_url https://github.com/python/bugs.python.org/issues/34
reference_id
reference_type
scores
url https://github.com/python/bugs.python.org/issues/34
4
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
5
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
6
reference_url https://pypi.org/project/roundup/2.0.0alpha0
reference_id
reference_type
scores
url https://pypi.org/project/roundup/2.0.0alpha0
7
reference_url https://www.openwall.com/lists/oss-security/2019/04/05/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2019/04/05/1
8
reference_url http://www.openwall.com/lists/oss-security/2019/04/07/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/04/07/1
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
reference_id CVE-2019-10904
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
fixed_packages
0
url pkg:pypi/roundup@2.0.0a0
purl pkg:pypi/roundup@2.0.0a0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-ntht-6gus-87cv
2
vulnerability VCID-uk8q-2vzm-hbhu
3
vulnerability VCID-wjqt-h4bh-gbgr
4
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0a0
1
url pkg:pypi/roundup@2.0.0
purl pkg:pypi/roundup@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
1
vulnerability VCID-uk8q-2vzm-hbhu
2
vulnerability VCID-wjqt-h4bh-gbgr
3
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0
aliases CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csmv-58s1-5bde
3
url VCID-fg7q-khn3-q7hr
vulnerability_id VCID-fg7q-khn3-q7hr
summary schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
references
0
reference_url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
reference_id
reference_type
scores
url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-6276
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32171
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-6276
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
3
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
4
reference_url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
reference_id
reference_type
scores
url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
5
reference_url http://www.debian.org/security/2016/dsa-3502
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3502
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
reference_id CVE-2014-6276
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
7
reference_url https://github.com/advisories/GHSA-j556-q367-2gw6
reference_id GHSA-j556-q367-2gw6
reference_type
scores
url https://github.com/advisories/GHSA-j556-q367-2gw6
fixed_packages
0
url pkg:pypi/roundup@1.5.1
purl pkg:pypi/roundup@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-ntht-6gus-87cv
2
vulnerability VCID-uk8q-2vzm-hbhu
3
vulnerability VCID-wjqt-h4bh-gbgr
4
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.5.1
aliases CVE-2014-6276, GHSA-j556-q367-2gw6, PYSEC-2016-33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fg7q-khn3-q7hr
4
url VCID-fnpw-g6sy-1ucd
vulnerability_id VCID-fnpw-g6sy-1ucd
summary Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=326395
reference_id
reference_type
scores
url http://bugs.gentoo.org/show_bug.cgi?id=326395
1
reference_url http://issues.roundup-tracker.org/issue2550654
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550654
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
5
reference_url http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
reference_id
reference_type
scores
url http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
6
reference_url http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
reference_id
reference_type
scores
url http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-2491
reference_id
reference_type
scores
0
value 0.0072
scoring_system epss
scoring_elements 0.72798
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-2491
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=610861
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=610861
9
reference_url http://secunia.com/advisories/40433
reference_id
reference_type
scores
url http://secunia.com/advisories/40433
10
reference_url http://secunia.com/advisories/41585
reference_id
reference_type
scores
url http://secunia.com/advisories/41585
11
reference_url http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
reference_id
reference_type
scores
url http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
12
reference_url http://www.openwall.com/lists/oss-security/2010/07/02/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2010/07/02/12
13
reference_url http://www.openwall.com/lists/oss-security/2010/07/02/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2010/07/02/3
14
reference_url http://www.securityfocus.com/bid/41326
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/41326
fixed_packages
0
url pkg:pypi/roundup@1.4.14
purl pkg:pypi/roundup@1.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tr4-c65w-fbay
1
vulnerability VCID-bqn7-yjp5-6yf6
2
vulnerability VCID-csmv-58s1-5bde
3
vulnerability VCID-fg7q-khn3-q7hr
4
vulnerability VCID-mmv7-4kw7-kbex
5
vulnerability VCID-ntht-6gus-87cv
6
vulnerability VCID-uk8q-2vzm-hbhu
7
vulnerability VCID-wjqt-h4bh-gbgr
8
vulnerability VCID-x33h-j6fk-g3hm
9
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.14
aliases CVE-2010-2491, PYSEC-2010-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnpw-g6sy-1ucd
5
url VCID-fp9t-1frx-hucu
vulnerability_id VCID-fp9t-1frx-hucu
summary Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
references
0
reference_url http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup
reference_id
reference_type
scores
url http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1474
reference_id
reference_type
scores
0
value 0.015
scoring_system epss
scoring_elements 0.81442
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1474
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=436546
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=436546
3
reference_url http://secunia.com/advisories/29336
reference_id
reference_type
scores
url http://secunia.com/advisories/29336
4
reference_url http://secunia.com/advisories/29375
reference_id
reference_type
scores
url http://secunia.com/advisories/29375
5
reference_url http://secunia.com/advisories/29848
reference_id
reference_type
scores
url http://secunia.com/advisories/29848
6
reference_url http://secunia.com/advisories/30274
reference_id
reference_type
scores
url http://secunia.com/advisories/30274
7
reference_url http://security.gentoo.org/glsa/glsa-200805-21.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200805-21.xml
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/41241
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/41241
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-9.yaml
10
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
11
reference_url https://github.com/roundup-tracker/roundup/commit/151ffd3367e7af563a92aabb3a8034a0f49063d9
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/151ffd3367e7af563a92aabb3a8034a0f49063d9
12
reference_url https://lists.debian.org/debian-security-announce/2008/msg00125.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-security-announce/2008/msg00125.html
13
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
14
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
15
reference_url http://www.debian.org/security/2008/dsa-1554
reference_id
reference_type
scores
url http://www.debian.org/security/2008/dsa-1554
16
reference_url http://www.securityfocus.com/bid/28239
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/28239
17
reference_url http://www.vupen.com/english/advisories/2008/0891
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/0891
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-1474
reference_id CVE-2008-1474
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2008-1474
19
reference_url https://github.com/advisories/GHSA-c3qv-mf8h-434r
reference_id GHSA-c3qv-mf8h-434r
reference_type
scores
url https://github.com/advisories/GHSA-c3qv-mf8h-434r
fixed_packages
0
url pkg:pypi/roundup@1.4.4
purl pkg:pypi/roundup@1.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3tr4-c65w-fbay
1
vulnerability VCID-bqn7-yjp5-6yf6
2
vulnerability VCID-csmv-58s1-5bde
3
vulnerability VCID-fg7q-khn3-q7hr
4
vulnerability VCID-fnpw-g6sy-1ucd
5
vulnerability VCID-jt1z-2fwz-kfgg
6
vulnerability VCID-mmv7-4kw7-kbex
7
vulnerability VCID-ntht-6gus-87cv
8
vulnerability VCID-uk8q-2vzm-hbhu
9
vulnerability VCID-wjqt-h4bh-gbgr
10
vulnerability VCID-x33h-j6fk-g3hm
11
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.4
aliases CVE-2008-1474, GHSA-c3qv-mf8h-434r, PYSEC-2008-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fp9t-1frx-hucu
6
url VCID-jt1z-2fwz-kfgg
vulnerability_id VCID-jt1z-2fwz-kfgg
summary The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1475
reference_id
reference_type
scores
0
value 0.00598
scoring_system epss
scoring_elements 0.69731
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1475
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=436546
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=436546
2
reference_url http://secunia.com/advisories/29336
reference_id
reference_type
scores
url http://secunia.com/advisories/29336
3
reference_url http://secunia.com/advisories/29375
reference_id
reference_type
scores
url http://secunia.com/advisories/29375
4
reference_url http://secunia.com/advisories/30274
reference_id
reference_type
scores
url http://secunia.com/advisories/30274
5
reference_url http://secunia.com/advisories/32805
reference_id
reference_type
scores
url http://secunia.com/advisories/32805
6
reference_url http://security.gentoo.org/glsa/glsa-200805-21.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200805-21.xml
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-10.yaml
9
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
10
reference_url https://github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189
11
reference_url http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
reference_id
reference_type
scores
url http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
12
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
13
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
14
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
15
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
16
reference_url http://www.securityfocus.com/bid/28238
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/28238
17
reference_url http://www.vupen.com/english/advisories/2008/0891
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/0891
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-1475
reference_id CVE-2008-1475
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2008-1475
19
reference_url https://github.com/advisories/GHSA-j59j-h3g7-cpmf
reference_id GHSA-j59j-h3g7-cpmf
reference_type
scores
url https://github.com/advisories/GHSA-j59j-h3g7-cpmf
fixed_packages
0
url pkg:pypi/roundup@1.4.5
purl pkg:pypi/roundup@1.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.5
aliases CVE-2008-1475, GHSA-j59j-h3g7-cpmf, PYSEC-2008-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt1z-2fwz-kfgg
7
url VCID-mmv7-4kw7-kbex
vulnerability_id VCID-mmv7-4kw7-kbex
summary Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
references
0
reference_url http://issues.roundup-tracker.org/issue2550711
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550711
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6131
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61417
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6131
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yaml
5
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
6
reference_url https://github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
7
reference_url https://github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
8
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
9
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
10
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6131
reference_id CVE-2012-6131
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6131
12
reference_url https://github.com/advisories/GHSA-gw2q-cgvq-9g3v
reference_id GHSA-gw2q-cgvq-9g3v
reference_type
scores
url https://github.com/advisories/GHSA-gw2q-cgvq-9g3v
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6131, GHSA-gw2q-cgvq-9g3v, PYSEC-2014-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmv7-4kw7-kbex
8
url VCID-ntht-6gus-87cv
vulnerability_id VCID-ntht-6gus-87cv
summary In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
references
0
reference_url https://www.roundup-tracker.org/docs/security.html
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html
1
reference_url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
fixed_packages
0
url pkg:pypi/roundup@2.5.0
purl pkg:pypi/roundup@2.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.5.0
aliases CVE-2025-53865, PYSEC-2025-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntht-6gus-87cv
9
url VCID-uk8q-2vzm-hbhu
vulnerability_id VCID-uk8q-2vzm-hbhu
summary Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
references
0
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
url https://www.roundup-tracker.org
1
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39126, PYSEC-2024-65
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk8q-2vzm-hbhu
10
url VCID-wjqt-h4bh-gbgr
vulnerability_id VCID-wjqt-h4bh-gbgr
summary In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
references
0
reference_url https://www.roundup-tracker.org/
reference_id
reference_type
scores
url https://www.roundup-tracker.org/
1
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39124, PYSEC-2024-63
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjqt-h4bh-gbgr
11
url VCID-x33h-j6fk-g3hm
vulnerability_id VCID-x33h-j6fk-g3hm
summary Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
references
0
reference_url http://issues.roundup-tracker.org/issue2550684
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550684
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6130
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61417
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6130
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84189
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84189
4
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
5
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
6
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6130, PYSEC-2014-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x33h-j6fk-g3hm
12
url VCID-zk4h-xznt-n3c3
vulnerability_id VCID-zk4h-xznt-n3c3
summary Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
references
0
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
url https://www.roundup-tracker.org
1
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39125, PYSEC-2024-64
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zk4h-xznt-n3c3
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@0.7.12