Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.vaadin/vaadin@23.0.0
Typemaven
Namespacecom.vaadin
Namevaadin
Version23.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version23.0.9
Latest_non_vulnerable_version25.0.2
Affected_by_vulnerabilities
0
url VCID-bu4z-98dk-gugn
vulnerability_id VCID-bu4z-98dk-gugn
summary 
Vaadin Platform possible file bypass via upload validation on the server-side
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version.
references
0
reference_url https://github.com/vaadin/flow-components/commit/bfe9e507cdcc5d90a2312c8f0162f798a29ba635
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow-components/commit/bfe9e507cdcc5d90a2312c8f0162f798a29ba635
1
reference_url https://github.com/vaadin/flow-components/pull/7616
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow-components/pull/7616
2
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-9467
reference_id CVE-2025-9467
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-9467
4
reference_url https://vaadin.com/security/cve-2025-9467
reference_id CVE-2025-9467
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2025-9467
5
reference_url https://github.com/advisories/GHSA-c7v7-rqfm-f44j
reference_id GHSA-c7v7-rqfm-f44j
reference_type
scores
url https://github.com/advisories/GHSA-c7v7-rqfm-f44j
6
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c7v7-rqfm-f44j
reference_id GHSA-c7v7-rqfm-f44j
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c7v7-rqfm-f44j
fixed_packages
0
url pkg:maven/com.vaadin/vaadin@23.6.2
purl pkg:maven/com.vaadin/vaadin@23.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@23.6.2
1
url pkg:maven/com.vaadin/vaadin@24.7.7
purl pkg:maven/com.vaadin/vaadin@24.7.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.7.7
aliases GHSA-c7v7-rqfm-f44j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bu4z-98dk-gugn
1
url VCID-qdgn-1rqg-vuae
vulnerability_id VCID-qdgn-1rqg-vuae
summary 
Exposure of Sensitive Information to an Unauthorized Actor
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25499
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.4775
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25499
1
reference_url https://github.com/vaadin/flow/pull/15885
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/15885
2
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25499
reference_id CVE-2023-25499
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25499
4
reference_url https://vaadin.com/security/CVE-2023-25499
reference_id CVE-2023-25499
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/CVE-2023-25499
5
reference_url https://github.com/advisories/GHSA-5f9v-mv5g-jh5q
reference_id GHSA-5f9v-mv5g-jh5q
reference_type
scores
url https://github.com/advisories/GHSA-5f9v-mv5g-jh5q
6
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-5f9v-mv5g-jh5q
reference_id GHSA-5f9v-mv5g-jh5q
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-5f9v-mv5g-jh5q
fixed_packages
0
url pkg:maven/com.vaadin/vaadin@23.3.13
purl pkg:maven/com.vaadin/vaadin@23.3.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@23.3.13
1
url pkg:maven/com.vaadin/vaadin@24.0.6
purl pkg:maven/com.vaadin/vaadin@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.0.6
2
url pkg:maven/com.vaadin/vaadin@24.1.0
purl pkg:maven/com.vaadin/vaadin@24.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.1.0
aliases CVE-2023-25499, GHSA-5f9v-mv5g-jh5q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdgn-1rqg-vuae
2
url VCID-tfwa-kphb-j3b8
vulnerability_id VCID-tfwa-kphb-j3b8
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25500
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54068
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25500
1
reference_url https://github.com/vaadin/flow/pull/16935
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/16935
2
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25500
reference_id CVE-2023-25500
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25500
4
reference_url https://vaadin.com/security/cve-2023-25500
reference_id CVE-2023-25500
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2023-25500
5
reference_url https://github.com/advisories/GHSA-ch48-9r3q-pv7x
reference_id GHSA-ch48-9r3q-pv7x
reference_type
scores
url https://github.com/advisories/GHSA-ch48-9r3q-pv7x
6
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x
reference_id GHSA-ch48-9r3q-pv7x
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x
fixed_packages
0
url pkg:maven/com.vaadin/vaadin@23.3.14
purl pkg:maven/com.vaadin/vaadin@23.3.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@23.3.14
1
url pkg:maven/com.vaadin/vaadin@24.0.7
purl pkg:maven/com.vaadin/vaadin@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.0.7
2
url pkg:maven/com.vaadin/vaadin@24.1.0
purl pkg:maven/com.vaadin/vaadin@24.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.1.0
aliases CVE-2023-25500, GHSA-ch48-9r3q-pv7x
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfwa-kphb-j3b8
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@23.0.0