Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/awstats@6.4-1sarge3

Type deb

Namespace debian

Name awstats

Version 6.4-1sarge3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.8-2+deb11u1

Latest_non_vulnerable_version 7.8-2+deb11u1

Affected_by_vulnerabilities

url VCID-7jzt-1m61-cqct

vulnerability_id VCID-7jzt-1m61-cqct

summary Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_id

reference_type

scores

value	0.06548
scoring_system	epss
scoring_elements	0.91302
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
reference_id	885835
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835

reference_url	https://security.gentoo.org/glsa/202007-37
reference_id	GLSA-202007-37
reference_type
scores
url	https://security.gentoo.org/glsa/202007-37

fixed_packages

url pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1

purl pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y1kf-udqd-mbhh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1%252Bdeb8u1

aliases CVE-2017-1000501

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jzt-1m61-cqct

url VCID-y1kf-udqd-mbhh

vulnerability_id VCID-y1kf-udqd-mbhh

summary directory traversal

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_id

reference_type

scores

value	0.00937
scoring_system	epss
scoring_elements	0.76568
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190
reference_id	977190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190

reference_url	https://security.archlinux.org/ASA-202103-15
reference_id	ASA-202103-15
reference_type
scores
url	https://security.archlinux.org/ASA-202103-15

reference_url

https://security.archlinux.org/AVG-1356

reference_id

AVG-1356

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1356

fixed_packages

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2020-35176

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1kf-udqd-mbhh

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3

Package Instance