Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/roundup@1.4.20
Type pypi
Namespace
Name roundup
Version 1.4.20
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.5.0
Latest_non_vulnerable_version 2.5.0
Affected_by_vulnerabilities
0
url VCID-csmv-58s1-5bde
vulnerability_id VCID-csmv-58s1-5bde
summary Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10904
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69649
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10904
1
reference_url https://bugs.python.org/issue36391
reference_id
reference_type
scores
url https://bugs.python.org/issue36391
2
reference_url https://github.com/advisories/GHSA-926q-wxr6-3crq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-926q-wxr6-3crq
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
4
reference_url https://github.com/python/bugs.python.org/issues/34
reference_id
reference_type
scores
url https://github.com/python/bugs.python.org/issues/34
5
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
6
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
7
reference_url https://pypi.org/project/roundup/2.0.0alpha0
reference_id
reference_type
scores
url https://pypi.org/project/roundup/2.0.0alpha0
8
reference_url https://www.openwall.com/lists/oss-security/2019/04/05/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2019/04/05/1
9
reference_url http://www.openwall.com/lists/oss-security/2019/04/07/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/04/07/1
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
reference_id CVE-2019-10904
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
fixed_packages
0
url pkg:pypi/roundup@2.0.0a0
purl pkg:pypi/roundup@2.0.0a0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-ntht-6gus-87cv
2
vulnerability VCID-uk8q-2vzm-hbhu
3
vulnerability VCID-wjqt-h4bh-gbgr
4
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0a0
1
url pkg:pypi/roundup@2.0.0
purl pkg:pypi/roundup@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
1
vulnerability VCID-uk8q-2vzm-hbhu
2
vulnerability VCID-wjqt-h4bh-gbgr
3
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0
aliases CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csmv-58s1-5bde
1
url VCID-fg7q-khn3-q7hr
vulnerability_id VCID-fg7q-khn3-q7hr
summary schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
references
0
reference_url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
reference_id
reference_type
scores
url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-6276
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32171
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-6276
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
3
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
4
reference_url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
reference_id
reference_type
scores
url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
5
reference_url http://www.debian.org/security/2016/dsa-3502
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3502
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
reference_id CVE-2014-6276
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
7
reference_url https://github.com/advisories/GHSA-j556-q367-2gw6
reference_id GHSA-j556-q367-2gw6
reference_type
scores
url https://github.com/advisories/GHSA-j556-q367-2gw6
fixed_packages
0
url pkg:pypi/roundup@1.5.1
purl pkg:pypi/roundup@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-ntht-6gus-87cv
2
vulnerability VCID-uk8q-2vzm-hbhu
3
vulnerability VCID-wjqt-h4bh-gbgr
4
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.5.1
aliases CVE-2014-6276, GHSA-j556-q367-2gw6, PYSEC-2016-33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fg7q-khn3-q7hr
2
url VCID-ntht-6gus-87cv
vulnerability_id VCID-ntht-6gus-87cv
summary In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53865
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38404
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53865
1
reference_url https://www.roundup-tracker.org/docs/security.html
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html
2
reference_url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
fixed_packages
0
url pkg:pypi/roundup@2.5.0
purl pkg:pypi/roundup@2.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.5.0
aliases CVE-2025-53865, PYSEC-2025-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntht-6gus-87cv
3
url VCID-uk8q-2vzm-hbhu
vulnerability_id VCID-uk8q-2vzm-hbhu
summary Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39126
reference_id
reference_type
scores
0
value 0.00927
scoring_system epss
scoring_elements 0.76407
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39126
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
2
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
3
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
url https://www.roundup-tracker.org
4
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39126
reference_id CVE-2024-39126
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-39126
6
reference_url https://github.com/advisories/GHSA-x37x-qf4v-f54f
reference_id GHSA-x37x-qf4v-f54f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x37x-qf4v-f54f
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39126, GHSA-x37x-qf4v-f54f, PYSEC-2024-65
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk8q-2vzm-hbhu
4
url VCID-wjqt-h4bh-gbgr
vulnerability_id VCID-wjqt-h4bh-gbgr
summary In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39124
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.7297
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39124
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
2
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
3
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
url https://www.roundup-tracker.org
4
reference_url https://www.roundup-tracker.org/
reference_id
reference_type
scores
url https://www.roundup-tracker.org/
5
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39124
reference_id CVE-2024-39124
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-39124
7
reference_url https://github.com/advisories/GHSA-w8vc-cwv9-wx67
reference_id GHSA-w8vc-cwv9-wx67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8vc-cwv9-wx67
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39124, GHSA-w8vc-cwv9-wx67, PYSEC-2024-63
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjqt-h4bh-gbgr
5
url VCID-zk4h-xznt-n3c3
vulnerability_id VCID-zk4h-xznt-n3c3
summary Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39125
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.7297
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39125
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
2
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
3
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
url https://www.roundup-tracker.org
4
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39125
reference_id CVE-2024-39125
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-39125
6
reference_url https://github.com/advisories/GHSA-xjgw-ghrx-wfff
reference_id GHSA-xjgw-ghrx-wfff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjgw-ghrx-wfff
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39125, GHSA-xjgw-ghrx-wfff, PYSEC-2024-64
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zk4h-xznt-n3c3
Fixing_vulnerabilities
0
url VCID-3tr4-c65w-fbay
vulnerability_id VCID-3tr4-c65w-fbay
summary Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6132
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49124
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6132
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
3
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
4
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6132, PYSEC-2014-96
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tr4-c65w-fbay
1
url VCID-bqn7-yjp5-6yf6
vulnerability_id VCID-bqn7-yjp5-6yf6
summary Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
references
0
reference_url http://issues.roundup-tracker.org/issue2550724
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550724
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6133
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.65346
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6133
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
3
reference_url https://github.com/advisories/GHSA-5jq3-8437-x35p
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jq3-8437-x35p
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2020-212.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2020-212.yaml
5
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
6
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
7
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6133
reference_id CVE-2012-6133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6133
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6133, GHSA-5jq3-8437-x35p, PYSEC-2020-212
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqn7-yjp5-6yf6
2
url VCID-mmv7-4kw7-kbex
vulnerability_id VCID-mmv7-4kw7-kbex
summary Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
references
0
reference_url http://issues.roundup-tracker.org/issue2550711
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550711
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6131
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61417
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6131
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yaml
5
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
6
reference_url https://github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
7
reference_url https://github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
8
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
9
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
10
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6131
reference_id CVE-2012-6131
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6131
12
reference_url https://github.com/advisories/GHSA-gw2q-cgvq-9g3v
reference_id GHSA-gw2q-cgvq-9g3v
reference_type
scores
url https://github.com/advisories/GHSA-gw2q-cgvq-9g3v
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6131, GHSA-gw2q-cgvq-9g3v, PYSEC-2014-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmv7-4kw7-kbex
3
url VCID-x33h-j6fk-g3hm
vulnerability_id VCID-x33h-j6fk-g3hm
summary Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
references
0
reference_url http://issues.roundup-tracker.org/issue2550684
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550684
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6130
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61417
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6130
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84189
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84189
4
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
5
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
6
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-fg7q-khn3-q7hr
2
vulnerability VCID-ntht-6gus-87cv
3
vulnerability VCID-uk8q-2vzm-hbhu
4
vulnerability VCID-wjqt-h4bh-gbgr
5
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6130, PYSEC-2014-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x33h-j6fk-g3hm
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20