Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/trytond@6.0.70
Type pypi
Namespace
Name trytond
Version 6.0.70
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 6.2.6
Latest_non_vulnerable_version 7.6.11
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7y7d-usj9-4bc4
vulnerability_id VCID-7y7d-usj9-4bc4
summary
trytond does not enforce access rights for the route of the HTML editor.
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66423
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13737
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66423
1
reference_url https://discuss.tryton.org/t/security-release-for-issue-14364/8952
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:32Z/
url https://discuss.tryton.org/t/security-release-for-issue-14364/8952
2
reference_url https://foss.heptapod.net/tryton/tryton/-/issues/14364
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:32Z/
url https://foss.heptapod.net/tryton/tryton/-/issues/14364
3
reference_url https://github.com/tryton/trytond
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tryton/trytond
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121241
reference_id 1121241
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121241
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66423
reference_id CVE-2025-66423
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66423
6
reference_url https://github.com/advisories/GHSA-p3p5-xrmv-4j6x
reference_id GHSA-p3p5-xrmv-4j6x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3p5-xrmv-4j6x
fixed_packages
0
url pkg:pypi/trytond@6.0.70
purl pkg:pypi/trytond@6.0.70
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@6.0.70
1
url pkg:pypi/trytond@7.0.40
purl pkg:pypi/trytond@7.0.40
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.0.40
2
url pkg:pypi/trytond@7.4.21
purl pkg:pypi/trytond@7.4.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.4.21
3
url pkg:pypi/trytond@7.6.11
purl pkg:pypi/trytond@7.6.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.6.11
aliases CVE-2025-66423, GHSA-p3p5-xrmv-4j6x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7y7d-usj9-4bc4
1
url VCID-aa7x-ejc8-7bfz
vulnerability_id VCID-aa7x-ejc8-7bfz
summary
trytond does not enforce access rights for data export
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66424
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11757
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66424
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66424
2
reference_url https://discuss.tryton.org/t/security-release-for-issue-14366/8953
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:40Z/
url https://discuss.tryton.org/t/security-release-for-issue-14366/8953
3
reference_url https://foss.heptapod.net/tryton/tryton/-/issues/14366
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:40Z/
url https://foss.heptapod.net/tryton/tryton/-/issues/14366
4
reference_url https://github.com/tryton/trytond
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tryton/trytond
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121243
reference_id 1121243
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121243
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66424
reference_id CVE-2025-66424
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66424
7
reference_url https://github.com/advisories/GHSA-2w93-qwpp-vgvj
reference_id GHSA-2w93-qwpp-vgvj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w93-qwpp-vgvj
fixed_packages
0
url pkg:pypi/trytond@6.0.70
purl pkg:pypi/trytond@6.0.70
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@6.0.70
1
url pkg:pypi/trytond@7.0.40
purl pkg:pypi/trytond@7.0.40
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.0.40
2
url pkg:pypi/trytond@7.4.21
purl pkg:pypi/trytond@7.4.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.4.21
3
url pkg:pypi/trytond@7.6.11
purl pkg:pypi/trytond@7.6.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.6.11
aliases CVE-2025-66424, GHSA-2w93-qwpp-vgvj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aa7x-ejc8-7bfz
2
url VCID-q985-c71n-9bb9
vulnerability_id VCID-q985-c71n-9bb9
summary
trytond allows remote attackers to obtain sensitive trace-back (server setup) information
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66422
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17359
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66422
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66422
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66422
2
reference_url https://discuss.tryton.org/t/security-release-for-issue-14354/8950
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:24Z/
url https://discuss.tryton.org/t/security-release-for-issue-14354/8950
3
reference_url https://foss.heptapod.net/tryton/tryton/-/issues/14354
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:24Z/
url https://foss.heptapod.net/tryton/tryton/-/issues/14354
4
reference_url https://github.com/tryton/trytond
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tryton/trytond
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121242
reference_id 1121242
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121242
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66422
reference_id CVE-2025-66422
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66422
7
reference_url https://github.com/advisories/GHSA-jqfc-9q34-prhg
reference_id GHSA-jqfc-9q34-prhg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jqfc-9q34-prhg
fixed_packages
0
url pkg:pypi/trytond@6.0.70
purl pkg:pypi/trytond@6.0.70
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@6.0.70
1
url pkg:pypi/trytond@7.0.40
purl pkg:pypi/trytond@7.0.40
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.0.40
2
url pkg:pypi/trytond@7.4.21
purl pkg:pypi/trytond@7.4.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.4.21
3
url pkg:pypi/trytond@7.6.11
purl pkg:pypi/trytond@7.6.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@7.6.11
aliases CVE-2025-66422, GHSA-jqfc-9q34-prhg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q985-c71n-9bb9
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@6.0.70