Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/appwrite/server-ce@0.12.2

Type composer

Namespace appwrite

Name server-ce

Version 0.12.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-4ptx-3zht-g7b8

vulnerability_id VCID-4ptx-3zht-g7b8

summary

Appwrite Vulnerable to Cross-site Scripting
Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2925

reference_id

reference_type

scores

value	0.00348
scoring_system	epss
scoring_elements	0.57651
published_at	2026-06-05T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57599
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2925

reference_url

https://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing

reference_url

https://github.com/appwrite/appwrite

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite

reference_url

https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade

reference_url

https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2925

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2925

reference_url

https://github.com/advisories/GHSA-5ffj-mph5-c5hv

reference_id

GHSA-5ffj-mph5-c5hv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5ffj-mph5-c5hv

fixed_packages

url pkg:composer/appwrite/server-ce@1.0.0-RC1

purl pkg:composer/appwrite/server-ce@1.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dtju-jew3-3qgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@1.0.0-RC1

url pkg:composer/appwrite/server-ce@1.0.0

purl pkg:composer/appwrite/server-ce@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dtju-jew3-3qgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@1.0.0

aliases CVE-2022-2925, GHSA-5ffj-mph5-c5hv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ptx-3zht-g7b8

url

VCID-dtju-jew3-3qgz

vulnerability_id

VCID-dtju-jew3-3qgz

summary

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

references

reference_url

http://appwrite.com

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/

url

http://appwrite.com

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27159

reference_id

reference_type

scores

value	0.76972
scoring_system	epss
scoring_elements	0.9898
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27159

reference_url

https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/

url

https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a

reference_url

https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/

url

https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb

reference_url

https://github.com/appwrite/appwrite

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/

url

https://github.com/appwrite/appwrite

reference_url

https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/

url

https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-27159

reference_id

CVE-2023-27159

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-27159

fixed_packages

aliases

CVE-2023-27159, GHSA-hxgx-584x-vwm8

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dtju-jew3-3qgz

Fixing_vulnerabilities

url VCID-qx2s-2peg-2fa6

vulnerability_id VCID-qx2s-2peg-2fa6

summary

Appwrite Directory Traversal vulnerability
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, `APP_STORAGE_CERTIFICATES/.well-known/acme-challenge` must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25377

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33643
published_at	2026-06-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33744
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25377

reference_url

https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1

reference_url

https://github.com/appwrite/appwrite

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite

reference_url

https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:55:02Z/

url

https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539

reference_url

https://github.com/appwrite/appwrite/commit/892f6fa4ba0d44e2435ffad1a84542400cfb7a9b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite/commit/892f6fa4ba0d44e2435ffad1a84542400cfb7a9b

reference_url

https://github.com/appwrite/appwrite/pull/2780

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:55:02Z/

url

https://github.com/appwrite/appwrite/pull/2780

reference_url

https://github.com/appwrite/appwrite/releases/tag/0.12.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:55:02Z/

url

https://github.com/appwrite/appwrite/releases/tag/0.12.2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25377

reference_id

CVE-2022-25377

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25377

reference_url

https://github.com/advisories/GHSA-wfm3-gq9h-mrjm

reference_id

GHSA-wfm3-gq9h-mrjm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wfm3-gq9h-mrjm

reference_url

https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/

reference_id

unauthenticated-lfi-in-appwrite-0.5.0-0.12.1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:55:02Z/

url

https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/

fixed_packages

url pkg:composer/appwrite/server-ce@0.12.2

purl pkg:composer/appwrite/server-ce@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ptx-3zht-g7b8

vulnerability	VCID-dtju-jew3-3qgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2

aliases CVE-2022-25377, GHSA-wfm3-gq9h-mrjm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx2s-2peg-2fa6

url VCID-x7wu-vcge-33g6

vulnerability_id VCID-x7wu-vcge-33g6

summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23682

reference_id

reference_type

scores

value	0.05384
scoring_system	epss
scoring_elements	0.90292
published_at	2026-06-05T12:55:00Z

value	0.05384
scoring_system	epss
scoring_elements	0.90277
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23682

reference_url

https://github.com/appwrite/appwrite/pull/2778

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite/pull/2778

reference_url

https://github.com/appwrite/appwrite/releases/tag/0.11.1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite/releases/tag/0.11.1

reference_url

https://github.com/appwrite/appwrite/releases/tag/0.12.2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/appwrite/appwrite/releases/tag/0.12.2

reference_url

https://github.com/litespeed-js/litespeed.js/pull/18

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/litespeed-js/litespeed.js/pull/18

reference_url

https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250

reference_url

https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23682

reference_id

CVE-2021-23682

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23682

reference_url

https://github.com/advisories/GHSA-v9p9-535w-4285

reference_id

GHSA-v9p9-535w-4285

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v9p9-535w-4285

fixed_packages

url pkg:composer/appwrite/server-ce@0.11.1

purl pkg:composer/appwrite/server-ce@0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ptx-3zht-g7b8

vulnerability	VCID-dtju-jew3-3qgz

vulnerability	VCID-qx2s-2peg-2fa6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.11.1

url pkg:composer/appwrite/server-ce@0.12.2

purl pkg:composer/appwrite/server-ce@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ptx-3zht-g7b8

vulnerability	VCID-dtju-jew3-3qgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2

aliases CVE-2021-23682, GHSA-v9p9-535w-4285

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7wu-vcge-33g6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2

Package Instance