Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/roundup@1.5.0
Type pypi
Namespace
Name roundup
Version 1.5.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.5.0
Latest_non_vulnerable_version 2.5.0
Affected_by_vulnerabilities
0
url VCID-csmv-58s1-5bde
vulnerability_id VCID-csmv-58s1-5bde
summary Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10904
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69649
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10904
1
reference_url https://bugs.python.org/issue36391
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.python.org/issue36391
2
reference_url https://github.com/advisories/GHSA-926q-wxr6-3crq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-926q-wxr6-3crq
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
4
reference_url https://github.com/python/bugs.python.org/issues/34
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python/bugs.python.org/issues/34
5
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
6
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
7
reference_url https://pypi.org/project/roundup/2.0.0alpha0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/roundup/2.0.0alpha0
8
reference_url https://www.openwall.com/lists/oss-security/2019/04/05/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/04/05/1
9
reference_url http://www.openwall.com/lists/oss-security/2019/04/07/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/07/1
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
reference_id CVE-2019-10904
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
fixed_packages
0
url pkg:pypi/roundup@2.0.0a0
purl pkg:pypi/roundup@2.0.0a0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-ntht-6gus-87cv
2
vulnerability VCID-uk8q-2vzm-hbhu
3
vulnerability VCID-wjqt-h4bh-gbgr
4
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0a0
1
url pkg:pypi/roundup@2.0.0
purl pkg:pypi/roundup@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
1
vulnerability VCID-uk8q-2vzm-hbhu
2
vulnerability VCID-wjqt-h4bh-gbgr
3
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0
aliases CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csmv-58s1-5bde
1
url VCID-fg7q-khn3-q7hr
vulnerability_id VCID-fg7q-khn3-q7hr
summary schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
references
0
reference_url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-6276
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32171
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-6276
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6276
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6276
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
4
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
5
reference_url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
6
reference_url http://www.debian.org/security/2016/dsa-3502
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3502
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
reference_id CVE-2014-6276
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
8
reference_url https://github.com/advisories/GHSA-j556-q367-2gw6
reference_id GHSA-j556-q367-2gw6
reference_type
scores
url https://github.com/advisories/GHSA-j556-q367-2gw6
fixed_packages
0
url pkg:pypi/roundup@1.5.1
purl pkg:pypi/roundup@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-csmv-58s1-5bde
1
vulnerability VCID-ntht-6gus-87cv
2
vulnerability VCID-uk8q-2vzm-hbhu
3
vulnerability VCID-wjqt-h4bh-gbgr
4
vulnerability VCID-zk4h-xznt-n3c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.5.1
aliases CVE-2014-6276, GHSA-j556-q367-2gw6, PYSEC-2016-33
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fg7q-khn3-q7hr
2
url VCID-ntht-6gus-87cv
vulnerability_id VCID-ntht-6gus-87cv
summary In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53865
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38404
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53865
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2025-69.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2025-69.yaml
2
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
3
reference_url https://github.com/roundup-tracker/roundup/commit/3b1f22f331d4798491bd4746dbaaa6cfbe972952
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/3b1f22f331d4798491bd4746dbaaa6cfbe972952
4
reference_url https://github.com/roundup-tracker/roundup/commit/65ac8f4dcb03a9a36a67c3e98fdf79cbd2a0b3fb
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/65ac8f4dcb03a9a36a67c3e98fdf79cbd2a0b3fb
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53865
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53865
6
reference_url https://www.roundup-tracker.org/docs/security.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T16:22:43Z/
url https://www.roundup-tracker.org/docs/security.html
7
reference_url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T16:22:43Z/
url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
8
reference_url https://github.com/advisories/GHSA-qxh9-qmf2-rhwc
reference_id GHSA-qxh9-qmf2-rhwc
reference_type
scores
url https://github.com/advisories/GHSA-qxh9-qmf2-rhwc
fixed_packages
0
url pkg:pypi/roundup@2.5.0
purl pkg:pypi/roundup@2.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.5.0
aliases CVE-2025-53865, GHSA-qxh9-qmf2-rhwc, PYSEC-2025-69
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntht-6gus-87cv
3
url VCID-uk8q-2vzm-hbhu
vulnerability_id VCID-uk8q-2vzm-hbhu
summary Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39126
reference_id
reference_type
scores
0
value 0.00927
scoring_system epss
scoring_elements 0.76407
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39126
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
2
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
3
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
4
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:55:28Z/
url https://www.roundup-tracker.org
5
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:55:28Z/
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39126
reference_id CVE-2024-39126
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39126
7
reference_url https://github.com/advisories/GHSA-x37x-qf4v-f54f
reference_id GHSA-x37x-qf4v-f54f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x37x-qf4v-f54f
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39126, GHSA-x37x-qf4v-f54f, PYSEC-2024-65
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk8q-2vzm-hbhu
4
url VCID-wjqt-h4bh-gbgr
vulnerability_id VCID-wjqt-h4bh-gbgr
summary In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39124
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.7297
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39124
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
2
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
3
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
4
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org
5
reference_url https://www.roundup-tracker.org/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T20:43:15Z/
url https://www.roundup-tracker.org/
6
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T20:43:15Z/
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39124
reference_id CVE-2024-39124
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39124
8
reference_url https://github.com/advisories/GHSA-w8vc-cwv9-wx67
reference_id GHSA-w8vc-cwv9-wx67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8vc-cwv9-wx67
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39124, GHSA-w8vc-cwv9-wx67, PYSEC-2024-63
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjqt-h4bh-gbgr
5
url VCID-zk4h-xznt-n3c3
vulnerability_id VCID-zk4h-xznt-n3c3
summary Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39125
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.7297
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39125
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
2
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
3
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
4
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:44:49Z/
url https://www.roundup-tracker.org
5
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:44:49Z/
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39125
reference_id CVE-2024-39125
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39125
7
reference_url https://github.com/advisories/GHSA-xjgw-ghrx-wfff
reference_id GHSA-xjgw-ghrx-wfff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjgw-ghrx-wfff
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ntht-6gus-87cv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39125, GHSA-xjgw-ghrx-wfff, PYSEC-2024-64
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zk4h-xznt-n3c3
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.5.0