Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/net.sourceforge.pmd/pmd-core@5.8.1
Typemaven
Namespacenet.sourceforge.pmd
Namepmd-core
Version5.8.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.22.0
Latest_non_vulnerable_version7.22.0
Affected_by_vulnerabilities
0
url VCID-5qps-qejj-pybk
vulnerability_id VCID-5qps-qejj-pybk
summary 
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
PMD's `vbhtml` and `yahtml` report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser.

While the default `html` format is not affected via rule violation messages (it correctly uses `StringEscapeUtils.escapeHtml4()`), it has a similar problem when rendering suppressed violations. The user supplied message (the reason for the suppression) was not escaped.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28338
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06474
published_at 2026-06-07T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06484
published_at 2026-06-06T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.0649
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28338
1
reference_url https://github.com/pmd/pmd
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pmd/pmd
2
reference_url https://github.com/pmd/pmd/commit/c140c0e1de5853a08efb84c9f91dfeb015882442
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:25:54Z/
url https://github.com/pmd/pmd/commit/c140c0e1de5853a08efb84c9f91dfeb015882442
3
reference_url https://github.com/pmd/pmd/pull/6475
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:25:54Z/
url https://github.com/pmd/pmd/pull/6475
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28338
reference_id CVE-2026-28338
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28338
5
reference_url https://github.com/advisories/GHSA-8rr6-2qw5-pc7r
reference_id GHSA-8rr6-2qw5-pc7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8rr6-2qw5-pc7r
6
reference_url https://github.com/pmd/pmd/security/advisories/GHSA-8rr6-2qw5-pc7r
reference_id GHSA-8rr6-2qw5-pc7r
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:25:54Z/
url https://github.com/pmd/pmd/security/advisories/GHSA-8rr6-2qw5-pc7r
fixed_packages
0
url pkg:maven/net.sourceforge.pmd/pmd-core@7.22.0
purl pkg:maven/net.sourceforge.pmd/pmd-core@7.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.sourceforge.pmd/pmd-core@7.22.0
aliases CVE-2026-28338, GHSA-8rr6-2qw5-pc7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qps-qejj-pybk
1
url VCID-frtg-nj69-aych
vulnerability_id VCID-frtg-nj69-aych
summary 
Improper Restriction of XML External Entity Reference
PMD processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-7722
reference_id
reference_type
scores
0
value 0.00451
scoring_system epss
scoring_elements 0.6403
published_at 2026-06-04T12:55:00Z
1
value 0.00451
scoring_system epss
scoring_elements 0.64069
published_at 2026-06-07T12:55:00Z
2
value 0.00451
scoring_system epss
scoring_elements 0.6408
published_at 2026-06-06T12:55:00Z
3
value 0.00451
scoring_system epss
scoring_elements 0.64071
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-7722
1
reference_url https://github.com/pmd/pmd
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pmd/pmd
2
reference_url https://github.com/pmd/pmd/issues/1650
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pmd/pmd/issues/1650
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-7722
reference_id CVE-2019-7722
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-7722
4
reference_url https://github.com/advisories/GHSA-57qj-79gh-69w8
reference_id GHSA-57qj-79gh-69w8
reference_type
scores
url https://github.com/advisories/GHSA-57qj-79gh-69w8
fixed_packages
0
url pkg:maven/net.sourceforge.pmd/pmd-core@6.0.0
purl pkg:maven/net.sourceforge.pmd/pmd-core@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qps-qejj-pybk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.sourceforge.pmd/pmd-core@6.0.0
aliases CVE-2019-7722, GHSA-57qj-79gh-69w8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frtg-nj69-aych
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/net.sourceforge.pmd/pmd-core@5.8.1