Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/edk2@0?distro=trixie

Type deb

Namespace debian

Name edk2

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2020.05-4

Latest_non_vulnerable_version 2025.11-5

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6xr7-4aq5-rye5

vulnerability_id VCID-6xr7-4aq5-rye5

summary Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4859

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11803
published_at	2026-04-01T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11919
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11966
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11755
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11838
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11889
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.119
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11862
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11834
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11698
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11697
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11814
published_at	2026-04-21T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17358
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4859

fixed_packages

url	pkg:deb/debian/edk2@0?distro=trixie
purl	pkg:deb/debian/edk2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/edk2@2025.02-9?distro=trixie

purl pkg:deb/debian/edk2@2025.02-9?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie

url	pkg:deb/debian/edk2@2025.11-4?distro=trixie
purl	pkg:deb/debian/edk2@2025.11-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie

url	pkg:deb/debian/edk2@2025.11-5?distro=trixie
purl	pkg:deb/debian/edk2@2025.11-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie

aliases CVE-2014-4859

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xr7-4aq5-rye5

url VCID-stpq-vk6v-k3g4

vulnerability_id VCID-stpq-vk6v-k3g4

summary Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4860

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11025
published_at	2026-04-01T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11155
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11218
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11035
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11114
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1117
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11174
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11142
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11119
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10984
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10998
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11134
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12776
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4860

fixed_packages

url	pkg:deb/debian/edk2@0?distro=trixie
purl	pkg:deb/debian/edk2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/edk2@2025.02-9?distro=trixie

purl pkg:deb/debian/edk2@2025.02-9?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie

url	pkg:deb/debian/edk2@2025.11-4?distro=trixie
purl	pkg:deb/debian/edk2@2025.11-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie

url	pkg:deb/debian/edk2@2025.11-5?distro=trixie
purl	pkg:deb/debian/edk2@2025.11-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie

aliases CVE-2014-4860

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stpq-vk6v-k3g4

url VCID-z6dd-929s-n7cr

vulnerability_id VCID-z6dd-929s-n7cr

summary edk2: insufficient memory write in SMM service leads to privilege escalation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12182.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12182.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12182

reference_id

reference_type

scores

value	0.00095
scoring_system	epss
scoring_elements	0.26389
published_at	2026-04-01T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26152
published_at	2026-04-24T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26262
published_at	2026-04-18T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26227
published_at	2026-04-21T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.2644
published_at	2026-04-02T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26484
published_at	2026-04-04T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26258
published_at	2026-04-07T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26326
published_at	2026-04-08T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26377
published_at	2026-04-09T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26386
published_at	2026-04-11T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.2634
published_at	2026-04-12T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26281
published_at	2026-04-13T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26287
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12182

reference_url	https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html
reference_id
reference_type
scores
url	https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us

reference_url	http://www.securityfocus.com/bid/107648
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107648

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1694081
reference_id	1694081
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1694081

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:::::::*
reference_id	cpe:2.3:a:tianocore:edk_ii:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12182

reference_id

CVE-2018-12182

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12182

reference_url	https://usn.ubuntu.com/6920-1/
reference_id	USN-6920-1
reference_type
scores
url	https://usn.ubuntu.com/6920-1/

fixed_packages

url	pkg:deb/debian/edk2@0?distro=trixie
purl	pkg:deb/debian/edk2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/edk2@2025.02-9?distro=trixie

purl pkg:deb/debian/edk2@2025.02-9?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie

url	pkg:deb/debian/edk2@2025.11-4?distro=trixie
purl	pkg:deb/debian/edk2@2025.11-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie

url	pkg:deb/debian/edk2@2025.11-5?distro=trixie
purl	pkg:deb/debian/edk2@2025.11-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie

aliases CVE-2018-12182

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6dd-929s-n7cr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie

Package Instance