Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/mail-client/roundcube@1.4.4

Type ebuild

Namespace mail-client

Name roundcube

Version 1.4.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.6.11

Latest_non_vulnerable_version 1.6.11

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-79me-pjdn-ykgq

vulnerability_id VCID-79me-pjdn-ykgq

summary

A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12640

reference_id

reference_type

scores

value	0.22659
scoring_system	epss
scoring_elements	0.95822
published_at	2026-04-01T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95831
published_at	2026-04-02T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95839
published_at	2026-04-04T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95842
published_at	2026-04-07T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.9585
published_at	2026-04-08T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95854
published_at	2026-04-09T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95857
published_at	2026-04-11T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95856
published_at	2026-04-12T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95858
published_at	2026-04-13T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95869
published_at	2026-04-16T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95875
published_at	2026-04-18T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95877
published_at	2026-04-21T12:55:00Z

value	0.22659
scoring_system	epss
scoring_elements	0.95879
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12640

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640

reference_url	https://security.gentoo.org/glsa/202007-41
reference_id	GLSA-202007-41
reference_type
scores
url	https://security.gentoo.org/glsa/202007-41

reference_url	https://usn.ubuntu.com/USN-5182-1/
reference_id	USN-USN-5182-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5182-1/

fixed_packages

url	pkg:ebuild/mail-client/roundcube@1.3.11
purl	pkg:ebuild/mail-client/roundcube@1.3.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.3.11

url	pkg:ebuild/mail-client/roundcube@1.4.4
purl	pkg:ebuild/mail-client/roundcube@1.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.4.4

aliases CVE-2020-12640

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79me-pjdn-ykgq

url VCID-cnkc-vcp7-6kcw

vulnerability_id VCID-cnkc-vcp7-6kcw

summary

A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12626

reference_id

reference_type

scores

value	0.01288
scoring_system	epss
scoring_elements	0.79589
published_at	2026-04-01T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79596
published_at	2026-04-02T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79618
published_at	2026-04-04T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79605
published_at	2026-04-07T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79634
published_at	2026-04-08T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79642
published_at	2026-04-09T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79662
published_at	2026-04-11T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79647
published_at	2026-04-12T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79639
published_at	2026-04-13T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.7967
published_at	2026-04-16T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79669
published_at	2026-04-18T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79673
published_at	2026-04-21T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142
reference_id	959142
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142

reference_url	https://security.gentoo.org/glsa/202007-41
reference_id	GLSA-202007-41
reference_type
scores
url	https://security.gentoo.org/glsa/202007-41

reference_url	https://usn.ubuntu.com/USN-5182-1/
reference_id	USN-USN-5182-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5182-1/

fixed_packages

url	pkg:ebuild/mail-client/roundcube@1.3.11
purl	pkg:ebuild/mail-client/roundcube@1.3.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.3.11

url	pkg:ebuild/mail-client/roundcube@1.4.4
purl	pkg:ebuild/mail-client/roundcube@1.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.4.4

aliases CVE-2020-12626

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw

url VCID-hg1a-vx5c-hue3

vulnerability_id VCID-hg1a-vx5c-hue3

summary

A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12641

reference_id

reference_type

scores

value	0.93133
scoring_system	epss
scoring_elements	0.99793
published_at	2026-04-02T12:55:00Z

value	0.93133
scoring_system	epss
scoring_elements	0.99794
published_at	2026-04-04T12:55:00Z

value	0.93133
scoring_system	epss
scoring_elements	0.99795
published_at	2026-04-09T12:55:00Z

value	0.93133
scoring_system	epss
scoring_elements	0.99796
published_at	2026-04-13T12:55:00Z

value	0.93133
scoring_system	epss
scoring_elements	0.99797
published_at	2026-04-16T12:55:00Z

value	0.93133
scoring_system	epss
scoring_elements	0.99798
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641

reference_url

https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4

reference_id

1.4.3...1.4.4

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/

url

https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4

reference_url

https://github.com/roundcube/roundcubemail/releases/tag/1.4.4

reference_id

1.4.4

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/

url

https://github.com/roundcube/roundcubemail/releases/tag/1.4.4

reference_url

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube

reference_id

CVE-2020-12641-Command%20Injection-Roundcube

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/

url

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube

reference_url

https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3

reference_id

fcfb099477f353373c34c8a65c9035b06b364db3

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/

url

https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3

reference_url

https://security.gentoo.org/glsa/202007-41

reference_id

GLSA-202007-41

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/

url

https://security.gentoo.org/glsa/202007-41

reference_url

https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10

reference_id

security-updates-1.4.4-1.3.11-and-1.2.10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/

url

https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10

reference_url	https://usn.ubuntu.com/USN-5182-1/
reference_id	USN-USN-5182-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5182-1/

fixed_packages

url	pkg:ebuild/mail-client/roundcube@1.3.11
purl	pkg:ebuild/mail-client/roundcube@1.3.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.3.11

url	pkg:ebuild/mail-client/roundcube@1.4.4
purl	pkg:ebuild/mail-client/roundcube@1.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.4.4

aliases CVE-2020-12641

risk_score 10.0

exploitability 2.0

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hg1a-vx5c-hue3

url VCID-x9j7-98zt-6ygt

vulnerability_id VCID-x9j7-98zt-6ygt

summary

A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12625

reference_id

reference_type

scores

value	0.0231
scoring_system	epss
scoring_elements	0.84692
published_at	2026-04-01T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84707
published_at	2026-04-02T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84727
published_at	2026-04-04T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84729
published_at	2026-04-07T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84751
published_at	2026-04-08T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84758
published_at	2026-04-09T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84775
published_at	2026-04-11T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84771
published_at	2026-04-12T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84766
published_at	2026-04-13T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84787
published_at	2026-04-16T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84788
published_at	2026-04-18T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84786
published_at	2026-04-21T12:55:00Z

value	0.0231
scoring_system	epss
scoring_elements	0.84813
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140
reference_id	959140
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140

reference_url	https://security.gentoo.org/glsa/202007-41
reference_id	GLSA-202007-41
reference_type
scores
url	https://security.gentoo.org/glsa/202007-41

reference_url	https://usn.ubuntu.com/USN-5182-1/
reference_id	USN-USN-5182-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5182-1/

fixed_packages

url	pkg:ebuild/mail-client/roundcube@1.3.11
purl	pkg:ebuild/mail-client/roundcube@1.3.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.3.11

url	pkg:ebuild/mail-client/roundcube@1.4.4
purl	pkg:ebuild/mail-client/roundcube@1.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.4.4

aliases CVE-2020-12625

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/roundcube@1.4.4

Package Instance