Package Instance
Look up vulnerable packages by Package URL (purl).
Purl
pkg:composer/silverstripe/framework@3.6.0-rc1
Type
composer
Namespace
silverstripe
Name
framework
Version
3.6.0-rc1
Qualifiers
Subpath
Is_vulnerable
true
Next_non_vulnerable_version
3.6.1
Latest_non_vulnerable_version
5.2.16
Affected_by_vulnerabilities
0
url
VCID-2af9-znrv-3bf7
vulnerability_id
VCID-2af9-znrv-3bf7
summary
silverstripe/framework's User-Agent header not correctly invalidating user session
references
0
reference_url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml
reference_id
reference_type
scores
url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml
1
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78
2
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad
3
reference_url
https://www.silverstripe.org/download/security-releases/ss-2017-006
reference_id
reference_type
scores
url
https://www.silverstripe.org/download/security-releases/ss-2017-006
4
reference_url
https://github.com/advisories/GHSA-4qx8-j9vh-2628
reference_id
GHSA-4qx8-j9vh-2628
reference_type
scores
0
value
HIGH
scoring_system
cvssv3.1_qr
scoring_elements
url
https://github.com/advisories/GHSA-4qx8-j9vh-2628
fixed_packages
0
url
pkg:composer/silverstripe/framework@3.6.3
purl
pkg:composer/silverstripe/framework@3.6.3
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
aliases
GHSA-4qx8-j9vh-2628
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-2af9-znrv-3bf7
1
url
VCID-2e1q-fc4b-mydq
vulnerability_id
VCID-2e1q-fc4b-mydq
summary
silverstripe/framework Privilege Escalation Risk in Member Edit form
references
0
reference_url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml
reference_id
reference_type
scores
url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml
1
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753
2
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5
3
reference_url
https://www.silverstripe.org/download/security-releases/ss-2018-001
reference_id
reference_type
scores
url
https://www.silverstripe.org/download/security-releases/ss-2018-001
4
reference_url
https://github.com/advisories/GHSA-xpff-c35g-j3cr
reference_id
GHSA-xpff-c35g-j3cr
reference_type
scores
0
value
MODERATE
scoring_system
cvssv3.1_qr
scoring_elements
url
https://github.com/advisories/GHSA-xpff-c35g-j3cr
fixed_packages
0
url
pkg:composer/silverstripe/framework@3.6.6
purl
pkg:composer/silverstripe/framework@3.6.6
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.6
1
url
pkg:composer/silverstripe/framework@4.0.4
purl
pkg:composer/silverstripe/framework@4.0.4
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4
2
url
pkg:composer/silverstripe/framework@4.1.1
purl
pkg:composer/silverstripe/framework@4.1.1
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1
aliases
GHSA-xpff-c35g-j3cr
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-2e1q-fc4b-mydq
2
url
VCID-hp6e-75gr-uuan
vulnerability_id
VCID-hp6e-75gr-uuan
summary
silverstripe/framework SQL injection in full text search
references
0
reference_url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml
reference_id
reference_type
scores
url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml
1
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b
2
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4
3
reference_url
https://www.silverstripe.org/download/security-releases/ss-2017-008
reference_id
reference_type
scores
url
https://www.silverstripe.org/download/security-releases/ss-2017-008
4
reference_url
https://github.com/advisories/GHSA-xx4r-5265-48j6
reference_id
GHSA-xx4r-5265-48j6
reference_type
scores
0
value
HIGH
scoring_system
cvssv3.1_qr
scoring_elements
url
https://github.com/advisories/GHSA-xx4r-5265-48j6
fixed_packages
0
url
pkg:composer/silverstripe/framework@3.6.3
purl
pkg:composer/silverstripe/framework@3.6.3
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
1
url
pkg:composer/silverstripe/framework@4.0.1
purl
pkg:composer/silverstripe/framework@4.0.1
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases
GHSA-xx4r-5265-48j6
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-hp6e-75gr-uuan
3
url
VCID-hsfb-xx67-7qg6
vulnerability_id
VCID-hsfb-xx67-7qg6
summary
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
references
0
reference_url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml
reference_id
reference_type
scores
url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml
1
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c
2
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d
3
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9
4
reference_url
https://www.silverstripe.org/download/security-releases/ss-2017-009
reference_id
reference_type
scores
url
https://www.silverstripe.org/download/security-releases/ss-2017-009
5
reference_url
https://github.com/advisories/GHSA-ph62-fv59-vf9h
reference_id
GHSA-ph62-fv59-vf9h
reference_type
scores
0
value
MODERATE
scoring_system
cvssv3.1_qr
scoring_elements
url
https://github.com/advisories/GHSA-ph62-fv59-vf9h
fixed_packages
0
url
pkg:composer/silverstripe/framework@3.6.3
purl
pkg:composer/silverstripe/framework@3.6.3
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
1
url
pkg:composer/silverstripe/framework@4.0.1
purl
pkg:composer/silverstripe/framework@4.0.1
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases
GHSA-ph62-fv59-vf9h
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-hsfb-xx67-7qg6
4
url
VCID-k8vz-xw7w-e3dg
vulnerability_id
VCID-k8vz-xw7w-e3dg
summary
silverstripe/framework CSV Excel Macro Injection
references
0
reference_url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml
reference_id
reference_type
scores
url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml
1
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4
2
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9
3
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797
4
reference_url
https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
url
https://www.silverstripe.org/download/security-releases/ss-2017-007
5
reference_url
https://github.com/advisories/GHSA-mqjc-x563-c9q8
reference_id
GHSA-mqjc-x563-c9q8
reference_type
scores
0
value
HIGH
scoring_system
cvssv3.1_qr
scoring_elements
url
https://github.com/advisories/GHSA-mqjc-x563-c9q8
fixed_packages
0
url
pkg:composer/silverstripe/framework@3.6.3
purl
pkg:composer/silverstripe/framework@3.6.3
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
1
url
pkg:composer/silverstripe/framework@4.0.1
purl
pkg:composer/silverstripe/framework@4.0.1
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases
GHSA-mqjc-x563-c9q8
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8vz-xw7w-e3dg
5
url
VCID-yhh9-rkh9-rqeu
vulnerability_id
VCID-yhh9-rkh9-rqeu
summary
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
references
0
reference_url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml
reference_id
reference_type
scores
url
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml
1
reference_url
https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0
reference_id
reference_type
scores
url
https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0
2
reference_url
https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
url
https://www.silverstripe.org/download/security-releases/ss-2017-005
3
reference_url
https://github.com/advisories/GHSA-7m2v-x7rg-5hm5
reference_id
GHSA-7m2v-x7rg-5hm5
reference_type
scores
0
value
HIGH
scoring_system
cvssv3.1_qr
scoring_elements
url
https://github.com/advisories/GHSA-7m2v-x7rg-5hm5
fixed_packages
0
url
pkg:composer/silverstripe/framework@3.6.2
purl
pkg:composer/silverstripe/framework@3.6.2
is_vulnerable
true
affected_by_vulnerabilities
0
vulnerability
VCID-pq7w-n99a-q7cj
resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.2
aliases
GHSA-7m2v-x7rg-5hm5
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-yhh9-rkh9-rqeu
Fixing_vulnerabilities
Risk_score
null
Resource_url
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.0-rc1