Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/nystudio107/craft-seomatic@3.4.12
Typecomposer
Namespacenystudio107
Namecraft-seomatic
Version3.4.12
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.4.13
Latest_non_vulnerable_version3.4.13
Affected_by_vulnerabilities
0
url VCID-pnen-ufkp-pqct
vulnerability_id VCID-pnen-ufkp-pqct
summary 
Improper Control of Generation of Code ('Code Injection')
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44618
reference_id
reference_type
scores
0
value 0.00513
scoring_system epss
scoring_elements 0.66916
published_at 2026-06-06T12:55:00Z
1
value 0.00513
scoring_system epss
scoring_elements 0.66885
published_at 2026-06-08T12:55:00Z
2
value 0.00513
scoring_system epss
scoring_elements 0.669
published_at 2026-06-07T12:55:00Z
3
value 0.00513
scoring_system epss
scoring_elements 0.66867
published_at 2026-06-04T12:55:00Z
4
value 0.00513
scoring_system epss
scoring_elements 0.66907
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44618
1
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
2
reference_url https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469
3
reference_url https://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44618
reference_id CVE-2021-44618
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44618
5
reference_url https://github.com/advisories/GHSA-m3xv-x3ph-mq22
reference_id GHSA-m3xv-x3ph-mq22
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3xv-x3ph-mq22
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.4.13
purl pkg:composer/nystudio107/craft-seomatic@3.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.13
aliases CVE-2021-44618, GHSA-m3xv-x3ph-mq22
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnen-ufkp-pqct
Fixing_vulnerabilities
0
url VCID-pnen-ufkp-pqct
vulnerability_id VCID-pnen-ufkp-pqct
summary 
Improper Control of Generation of Code ('Code Injection')
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44618
reference_id
reference_type
scores
0
value 0.00513
scoring_system epss
scoring_elements 0.66916
published_at 2026-06-06T12:55:00Z
1
value 0.00513
scoring_system epss
scoring_elements 0.66885
published_at 2026-06-08T12:55:00Z
2
value 0.00513
scoring_system epss
scoring_elements 0.669
published_at 2026-06-07T12:55:00Z
3
value 0.00513
scoring_system epss
scoring_elements 0.66867
published_at 2026-06-04T12:55:00Z
4
value 0.00513
scoring_system epss
scoring_elements 0.66907
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44618
1
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
2
reference_url https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469
3
reference_url https://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44618
reference_id CVE-2021-44618
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44618
5
reference_url https://github.com/advisories/GHSA-m3xv-x3ph-mq22
reference_id GHSA-m3xv-x3ph-mq22
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3xv-x3ph-mq22
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.4.12
purl pkg:composer/nystudio107/craft-seomatic@3.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pnen-ufkp-pqct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.12
1
url pkg:composer/nystudio107/craft-seomatic@3.4.13
purl pkg:composer/nystudio107/craft-seomatic@3.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.13
aliases CVE-2021-44618, GHSA-m3xv-x3ph-mq22
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnen-ufkp-pqct
1
url VCID-qjyr-4hen-gbhm
vulnerability_id VCID-qjyr-4hen-gbhm
summary 
Code Injection in SEOmatic
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41749
reference_id
reference_type
scores
0
value 0.85815
scoring_system epss
scoring_elements 0.99398
published_at 2026-06-04T12:55:00Z
1
value 0.85815
scoring_system epss
scoring_elements 0.994
published_at 2026-06-07T12:55:00Z
2
value 0.85815
scoring_system epss
scoring_elements 0.99399
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41749
1
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
2
reference_url https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md
3
reference_url https://github.com/nystudio107/craft-seomatic/commit/3fee7d50147cdf3f999cfc1e04cbc3fb3d9f2f7d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/3fee7d50147cdf3f999cfc1e04cbc3fb3d9f2f7d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41749
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41749
5
reference_url https://github.com/advisories/GHSA-g7xr-v82w-qggq
reference_id GHSA-g7xr-v82w-qggq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g7xr-v82w-qggq
fixed_packages
0
url pkg:composer/nystudio107/craft-seomatic@3.4.11
purl pkg:composer/nystudio107/craft-seomatic@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjyr-4hen-gbhm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.11
1
url pkg:composer/nystudio107/craft-seomatic@3.4.12
purl pkg:composer/nystudio107/craft-seomatic@3.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pnen-ufkp-pqct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.12
aliases CVE-2021-41749, GHSA-g7xr-v82w-qggq
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjyr-4hen-gbhm
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/nystudio107/craft-seomatic@3.4.12