Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin@10.0.24

Type maven

Namespace com.vaadin

Name vaadin

Version 10.0.24

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 14.8.10

Latest_non_vulnerable_version 25.0.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-tfwa-kphb-j3b8

vulnerability_id VCID-tfwa-kphb-j3b8

summary

Exposure of Sensitive Information to an Unauthorized Actor
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25500

reference_id

reference_type

scores

value	0.00305
scoring_system	epss
scoring_elements	0.54068
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25500

reference_url

https://github.com/vaadin/flow/pull/16935

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/flow/pull/16935

reference_url

https://github.com/vaadin/platform

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25500

reference_id

CVE-2023-25500

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25500

reference_url

https://vaadin.com/security/cve-2023-25500

reference_id

CVE-2023-25500

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://vaadin.com/security/cve-2023-25500

reference_url	https://github.com/advisories/GHSA-ch48-9r3q-pv7x
reference_id	GHSA-ch48-9r3q-pv7x
reference_type
scores
url	https://github.com/advisories/GHSA-ch48-9r3q-pv7x

reference_url

https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x

reference_id

GHSA-ch48-9r3q-pv7x

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x

fixed_packages

url	pkg:maven/com.vaadin/vaadin@10.0.24
purl	pkg:maven/com.vaadin/vaadin@10.0.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@10.0.24

url	pkg:maven/com.vaadin/vaadin@14.10.2
purl	pkg:maven/com.vaadin/vaadin@14.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@14.10.2

url	pkg:maven/com.vaadin/vaadin@22.1.0
purl	pkg:maven/com.vaadin/vaadin@22.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@22.1.0

url	pkg:maven/com.vaadin/vaadin@23.3.14
purl	pkg:maven/com.vaadin/vaadin@23.3.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@23.3.14

url	pkg:maven/com.vaadin/vaadin@24.0.7
purl	pkg:maven/com.vaadin/vaadin@24.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.0.7

url	pkg:maven/com.vaadin/vaadin@24.1.0
purl	pkg:maven/com.vaadin/vaadin@24.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.1.0

aliases CVE-2023-25500, GHSA-ch48-9r3q-pv7x

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfwa-kphb-j3b8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@10.0.24

Package Instance