Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60912?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60912?format=api", "purl": "pkg:pypi/calibreweb@0.6.17", "type": "pypi", "namespace": "", "name": "calibreweb", "version": "0.6.17", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57709?format=api", "vulnerability_id": "VCID-4xd2-y3tq-ckh8", "summary": "Calibre Web and Autocaliweb have OS Command Injection vulnerability\nImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.8514", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.85139", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02327", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7404" }, { "reference_url": "https://fluidattacks.com/advisories/kino", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/" } ], "url": "https://fluidattacks.com/advisories/kino" }, { "reference_url": "https://github.com/gelbphoenix/autocaliweb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/" } ], "url": "https://github.com/gelbphoenix/autocaliweb" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7404", "reference_id": "CVE-2025-7404", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7404" }, { "reference_url": "https://github.com/advisories/GHSA-qc4j-v7h6-xr5h", "reference_id": "GHSA-qc4j-v7h6-xr5h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qc4j-v7h6-xr5h" } ], "fixed_packages": [], "aliases": [ "CVE-2025-7404", "GHSA-qc4j-v7h6-xr5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xd2-y3tq-ckh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44956?format=api", "vulnerability_id": "VCID-bkzx-fvcv-t3g8", "summary": "Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58297", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58279", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58295", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58305", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2106" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T15:32:47Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e" }, { "reference_url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T15:32:47Z/" } ], "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2106", "reference_id": "CVE-2023-2106", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2106" }, { "reference_url": "https://github.com/advisories/GHSA-mhmp-m6g7-7c24", "reference_id": "GHSA-mhmp-m6g7-7c24", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhmp-m6g7-7c24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64720?format=api", "purl": "pkg:pypi/calibreweb@0.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-m8wg-f36t-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.20" } ], "aliases": [ "CVE-2023-2106", "GHSA-mhmp-m6g7-7c24" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkzx-fvcv-t3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49323?format=api", "vulnerability_id": "VCID-gb1g-yf4f-tygr", "summary": "Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation\nA Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09226", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09149", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09207", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65858" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65858", "reference_id": "CVE-2025-65858", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65858" }, { "reference_url": "https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md", "reference_id": "CVE-2025-65858.MD", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:12:45Z/" } ], "url": "https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md" }, { "reference_url": "https://github.com/advisories/GHSA-pc5g-j9j7-p4q3", "reference_id": "GHSA-pc5g-j9j7-p4q3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc5g-j9j7-p4q3" } ], "fixed_packages": [], "aliases": [ "CVE-2025-65858", "GHSA-pc5g-j9j7-p4q3" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb1g-yf4f-tygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57708?format=api", "vulnerability_id": "VCID-gwc3-dztv-37dw", "summary": "Calibre Web and Autocaliweb have a ReDoS vulnerability\nReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42311", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42247", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42283", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.423", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6998" }, { "reference_url": "https://fluidattacks.com/advisories/megadeth", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/" } ], "url": "https://fluidattacks.com/advisories/megadeth" }, { "reference_url": "https://github.com/gelbphoenix/autocaliweb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/" } ], "url": "https://github.com/gelbphoenix/autocaliweb" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6998", "reference_id": "CVE-2025-6998", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6998" }, { "reference_url": "https://github.com/advisories/GHSA-2g7m-ph9x-7q7m", "reference_id": "GHSA-2g7m-ph9x-7q7m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2g7m-ph9x-7q7m" } ], "fixed_packages": [], "aliases": [ "CVE-2025-6998", "GHSA-2g7m-ph9x-7q7m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwc3-dztv-37dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111589?format=api", "vulnerability_id": "VCID-jcpd-2fkh-mkc1", "summary": "SQL injection in calibreweb\nCalibre-Web before 0.6.18 allows user table SQL Injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50051", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50078", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50106", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50113", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30765" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md" }, { "reference_url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30765", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30765" }, { "reference_url": "https://github.com/advisories/GHSA-8ppf-x4gr-2x7g", "reference_id": "GHSA-8ppf-x4gr-2x7g", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8ppf-x4gr-2x7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153106?format=api", "purl": "pkg:pypi/calibreweb@0.6.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.18" } ], "aliases": [ "CVE-2022-30765", "GHSA-8ppf-x4gr-2x7g" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jcpd-2fkh-mkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55546?format=api", "vulnerability_id": "VCID-m8wg-f36t-pygt", "summary": "Calibre-Web Cross Site Scripting (XSS)\nIn janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16445", "scoring_system": "epss", "scoring_elements": "0.95016", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.16445", "scoring_system": "epss", "scoring_elements": "0.95014", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.16445", "scoring_system": "epss", "scoring_elements": "0.95013", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39123" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123", "reference_id": "CVE-2024-39123", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T15:47:04Z/" } ], "url": "https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39123", "reference_id": "CVE-2024-39123", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39123" }, { "reference_url": "https://github.com/advisories/GHSA-j22r-3rf3-cv25", "reference_id": "GHSA-j22r-3rf3-cv25", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j22r-3rf3-cv25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/752005?format=api", "purl": "pkg:pypi/calibreweb@0.6.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.22" } ], "aliases": [ "CVE-2024-39123", "GHSA-j22r-3rf3-cv25" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8wg-f36t-pygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44955?format=api", "vulnerability_id": "VCID-s28v-vbvy-3bgb", "summary": "Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57887", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57863", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57825", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57876", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57878", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2525" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:02:14Z/" } ], "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e" }, { "reference_url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:02:14Z/" } ], "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2525", "reference_id": "CVE-2022-2525", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2525" }, { "reference_url": "https://github.com/advisories/GHSA-jg8w-wgx2-g7q4", "reference_id": "GHSA-jg8w-wgx2-g7q4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jg8w-wgx2-g7q4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64720?format=api", "purl": "pkg:pypi/calibreweb@0.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-m8wg-f36t-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.20" } ], "aliases": [ "CVE-2022-2525", "GHSA-jg8w-wgx2-g7q4" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s28v-vbvy-3bgb" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42596?format=api", "vulnerability_id": "VCID-g6g1-rcqv-wkdj", "summary": "Server-Side Request Forgery in calibreweb\nServer-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41532", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4147", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41502", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4145", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41525", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0767" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8" }, { "reference_url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0767", "reference_id": "CVE-2022-0767", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0767" }, { "reference_url": "https://github.com/advisories/GHSA-h65g-jfqg-2w6m", "reference_id": "GHSA-h65g-jfqg-2w6m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h65g-jfqg-2w6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60912?format=api", "purl": "pkg:pypi/calibreweb@0.6.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17" } ], "aliases": [ "CVE-2022-0767", "GHSA-h65g-jfqg-2w6m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6g1-rcqv-wkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42595?format=api", "vulnerability_id": "VCID-kekh-f74c-m7bt", "summary": "Server-Side Request Forgery in calibreweb\nServer-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52542", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52563", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52591", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5261", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0766" }, { "reference_url": "https://github.com/janeczku/calibre-web", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web" }, { "reference_url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8" }, { "reference_url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0766", "reference_id": "CVE-2022-0766", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0766" }, { "reference_url": "https://github.com/advisories/GHSA-2647-c639-qv2j", "reference_id": "GHSA-2647-c639-qv2j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2647-c639-qv2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60912?format=api", "purl": "pkg:pypi/calibreweb@0.6.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xd2-y3tq-ckh8" }, { "vulnerability": "VCID-bkzx-fvcv-t3g8" }, { "vulnerability": "VCID-gb1g-yf4f-tygr" }, { "vulnerability": "VCID-gwc3-dztv-37dw" }, { "vulnerability": "VCID-jcpd-2fkh-mkc1" }, { "vulnerability": "VCID-m8wg-f36t-pygt" }, { "vulnerability": "VCID-s28v-vbvy-3bgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17" } ], "aliases": [ "CVE-2022-0766", "GHSA-2647-c639-qv2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kekh-f74c-m7bt" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17" }