Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.hibernate/hibernate-validator@5.4.0.Beta1
Typemaven
Namespaceorg.hibernate
Namehibernate-validator
Version5.4.0.Beta1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.2.0.Final
Latest_non_vulnerable_version7.0.0.CR1
Affected_by_vulnerabilities
0
url VCID-gghq-w7r9-57hs
vulnerability_id VCID-gghq-w7r9-57hs
summary 
hibernate-validator Cross-site Scripting vulnerability
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1932.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1932.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-1932
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:09:13Z/
url https://access.redhat.com/security/cve/CVE-2023-1932
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1932
reference_id
reference_type
scores
0
value 0.00846
scoring_system epss
scoring_elements 0.74868
published_at 2026-04-18T12:55:00Z
1
value 0.00846
scoring_system epss
scoring_elements 0.74783
published_at 2026-04-02T12:55:00Z
2
value 0.00846
scoring_system epss
scoring_elements 0.74811
published_at 2026-04-04T12:55:00Z
3
value 0.00846
scoring_system epss
scoring_elements 0.74784
published_at 2026-04-07T12:55:00Z
4
value 0.00846
scoring_system epss
scoring_elements 0.74817
published_at 2026-04-08T12:55:00Z
5
value 0.00846
scoring_system epss
scoring_elements 0.74831
published_at 2026-04-09T12:55:00Z
6
value 0.00846
scoring_system epss
scoring_elements 0.74855
published_at 2026-04-11T12:55:00Z
7
value 0.00846
scoring_system epss
scoring_elements 0.74834
published_at 2026-04-12T12:55:00Z
8
value 0.00846
scoring_system epss
scoring_elements 0.74824
published_at 2026-04-13T12:55:00Z
9
value 0.00846
scoring_system epss
scoring_elements 0.7486
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1932
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1809444
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:09:13Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1809444
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1932
5
reference_url https://github.com/hibernate/hibernate-validator
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1932
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1932
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063540
reference_id 1063540
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063540
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7
reference_id cpe:/a:redhat:amq_broker:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:a_mq_clients:2
reference_id cpe:/a:redhat:a_mq_clients:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:a_mq_clients:2
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_online:1
reference_id cpe:/a:redhat:amq_online:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_online:1
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
reference_id cpe:/a:redhat:amq_streams:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cryostat:2
reference_id cpe:/a:redhat:cryostat:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cryostat:2
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_virtualization:6
reference_id cpe:/a:redhat:jboss_data_virtualization:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_virtualization:6
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_developer_studio:12.
reference_id cpe:/a:redhat:jboss_developer_studio:12.
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_developer_studio:12.
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:5
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:5
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:5
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_cd
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_cd
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_cd
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:6
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:5
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:5
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:5
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_soa_platform:5
reference_id cpe:/a:redhat:jboss_enterprise_soa_platform:5
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_soa_platform:5
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
reference_id cpe:/a:redhat:jboss_fuse_service_works:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_operations_network:3
reference_id cpe:/a:redhat:jboss_operations_network:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_operations_network:3
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:10
reference_id cpe:/a:redhat:openstack:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:10
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id cpe:/a:redhat:openstack:13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
35
reference_url https://github.com/advisories/GHSA-x83m-pf6f-pf9g
reference_id GHSA-x83m-pf6f-pf9g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x83m-pf6f-pf9g
fixed_packages
0
url pkg:maven/org.hibernate/hibernate-validator@6.2.0.Final
purl pkg:maven/org.hibernate/hibernate-validator@6.2.0.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@6.2.0.Final
aliases CVE-2023-1932, GHSA-x83m-pf6f-pf9g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gghq-w7r9-57hs
1
url VCID-gvv3-4r9v-7kau
vulnerability_id VCID-gvv3-4r9v-7kau
summary 
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-35036.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-35036.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-35036
reference_id
reference_type
scores
0
value 0.01693
scoring_system epss
scoring_elements 0.82289
published_at 2026-04-18T12:55:00Z
1
value 0.01693
scoring_system epss
scoring_elements 0.8229
published_at 2026-04-16T12:55:00Z
2
value 0.01693
scoring_system epss
scoring_elements 0.82253
published_at 2026-04-13T12:55:00Z
3
value 0.01693
scoring_system epss
scoring_elements 0.82259
published_at 2026-04-12T12:55:00Z
4
value 0.01693
scoring_system epss
scoring_elements 0.82196
published_at 2026-04-02T12:55:00Z
5
value 0.01693
scoring_system epss
scoring_elements 0.82217
published_at 2026-04-04T12:55:00Z
6
value 0.01693
scoring_system epss
scoring_elements 0.82212
published_at 2026-04-07T12:55:00Z
7
value 0.01693
scoring_system epss
scoring_elements 0.82239
published_at 2026-04-08T12:55:00Z
8
value 0.01693
scoring_system epss
scoring_elements 0.82246
published_at 2026-04-09T12:55:00Z
9
value 0.01693
scoring_system epss
scoring_elements 0.82266
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-35036
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-35036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-35036
3
reference_url https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
4
reference_url https://github.com/hibernate/hibernate-validator
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator
5
reference_url https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
6
reference_url https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
7
reference_url https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
url https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78
8
reference_url https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
url https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
9
reference_url https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
url https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
10
reference_url https://github.com/hibernate/hibernate-validator/pull/1138
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://github.com/hibernate/hibernate-validator/pull/1138
11
reference_url https://hibernate.atlassian.net/browse/HV-1816
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://hibernate.atlassian.net/browse/HV-1816
12
reference_url https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1
13
reference_url https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
url https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language
14
reference_url https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-35036
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-35036
16
reference_url https://www.cve.org/CVERecord?id=CVE-2020-5245
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://www.cve.org/CVERecord?id=CVE-2020-5245
17
reference_url https://www.cve.org/CVERecord?id=CVE-2025-4428
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
url https://www.cve.org/CVERecord?id=CVE-2025-4428
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107517
reference_id 1107517
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107517
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107518
reference_id 1107518
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107518
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370118
reference_id 2370118
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370118
21
reference_url https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
reference_id expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:41:11Z/
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:00:12Z/
url https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
22
reference_url https://github.com/advisories/GHSA-7v6m-28jr-rg84
reference_id GHSA-7v6m-28jr-rg84
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7v6m-28jr-rg84
23
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
fixed_packages
0
url pkg:maven/org.hibernate/hibernate-validator@6.2.0.CR1
purl pkg:maven/org.hibernate/hibernate-validator@6.2.0.CR1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gghq-w7r9-57hs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@6.2.0.CR1
1
url pkg:maven/org.hibernate/hibernate-validator@7.0.0.CR1
purl pkg:maven/org.hibernate/hibernate-validator@7.0.0.CR1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@7.0.0.CR1
aliases CVE-2025-35036, GHSA-7v6m-28jr-rg84
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvv3-4r9v-7kau
Fixing_vulnerabilities
Risk_score3.3
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@5.4.0.Beta1