Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-core@5.0.0
Typemaven
Namespaceorg.springframework.security
Namespring-security-core
Version5.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.6
Latest_non_vulnerable_version6.5.4
Affected_by_vulnerabilities
0
url VCID-jfxp-d5zq-3kez
vulnerability_id VCID-jfxp-d5zq-3kez
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5408
reference_id
reference_type
scores
0
value 0.00411
scoring_system epss
scoring_elements 0.61668
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5408
1
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
2
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
3
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2020.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5408
reference_id CVE-2020-5408
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-5408
5
reference_url https://tanzu.vmware.com/security/cve-2020-5408
reference_id CVE-2020-5408
reference_type
scores
url https://tanzu.vmware.com/security/cve-2020-5408
6
reference_url https://github.com/advisories/GHSA-2ppp-9496-p23q
reference_id GHSA-2ppp-9496-p23q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ppp-9496-p23q
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.0.16
purl pkg:maven/org.springframework.security/spring-security-core@5.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.16
1
url pkg:maven/org.springframework.security/spring-security-core@5.1.10
purl pkg:maven/org.springframework.security/spring-security-core@5.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.10
2
url pkg:maven/org.springframework.security/spring-security-core@5.2.4
purl pkg:maven/org.springframework.security/spring-security-core@5.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.2.4
3
url pkg:maven/org.springframework.security/spring-security-core@5.3.2
purl pkg:maven/org.springframework.security/spring-security-core@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.2
aliases CVE-2020-5408, GHSA-2ppp-9496-p23q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfxp-d5zq-3kez
1
url VCID-mqcm-hd3y-cka5
vulnerability_id VCID-mqcm-hd3y-cka5
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2405
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1199
reference_id
reference_type
scores
0
value 0.00846
scoring_system epss
scoring_elements 0.75134
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1199
2
reference_url https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c
3
reference_url https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b
4
reference_url https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c
5
reference_url https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f
6
reference_url https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d
7
reference_url https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22
8
reference_url https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
11
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1199
reference_id CVE-2018-1199
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1199
13
reference_url https://pivotal.io/security/cve-2018-1199
reference_id CVE-2018-1199
reference_type
scores
url https://pivotal.io/security/cve-2018-1199
14
reference_url https://github.com/advisories/GHSA-v596-fwhq-8x48
reference_id GHSA-v596-fwhq-8x48
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v596-fwhq-8x48
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.0.1
purl pkg:maven/org.springframework.security/spring-security-core@5.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.1
1
url pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE
aliases CVE-2018-1199, GHSA-v596-fwhq-8x48
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqcm-hd3y-cka5
2
url VCID-rg5c-bu77-bkha
vulnerability_id VCID-rg5c-bu77-bkha
summary 
Insufficient Entropy in PRNG
Spring Security contain an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3795
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.6823
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3795
1
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html
2
reference_url http://www.securityfocus.com/bid/107802
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107802
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3795
reference_id CVE-2019-3795
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3795
4
reference_url https://pivotal.io/security/cve-2019-3795
reference_id CVE-2019-3795
reference_type
scores
url https://pivotal.io/security/cve-2019-3795
5
reference_url https://github.com/advisories/GHSA-v2r2-7qm7-jj6v
reference_id GHSA-v2r2-7qm7-jj6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2r2-7qm7-jj6v
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.0.12
purl pkg:maven/org.springframework.security/spring-security-core@5.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.12
1
url pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-core@5.1.5
purl pkg:maven/org.springframework.security/spring-security-core@5.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.5
3
url pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE
aliases CVE-2019-3795, GHSA-v2r2-7qm7-jj6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg5c-bu77-bkha
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.0