Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/calibreweb@0.6.24
Type pypi
Namespace
Name calibreweb
Version 0.6.24
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-4xd2-y3tq-ckh8
vulnerability_id VCID-4xd2-y3tq-ckh8
summary
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7404
reference_id
reference_type
scores
0
value 0.02327
scoring_system epss
scoring_elements 0.8514
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7404
1
reference_url https://fluidattacks.com/advisories/kino
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/
url https://fluidattacks.com/advisories/kino
2
reference_url https://github.com/gelbphoenix/autocaliweb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/
url https://github.com/gelbphoenix/autocaliweb
3
reference_url https://github.com/janeczku/calibre-web
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T13:33:27Z/
url https://github.com/janeczku/calibre-web
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7404
reference_id CVE-2025-7404
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7404
5
reference_url https://github.com/advisories/GHSA-qc4j-v7h6-xr5h
reference_id GHSA-qc4j-v7h6-xr5h
reference_type
scores
url https://github.com/advisories/GHSA-qc4j-v7h6-xr5h
fixed_packages
aliases CVE-2025-7404, GHSA-qc4j-v7h6-xr5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xd2-y3tq-ckh8
1
url VCID-gb1g-yf4f-tygr
vulnerability_id VCID-gb1g-yf4f-tygr
summary
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65858
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09208
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65858
1
reference_url https://github.com/janeczku/calibre-web
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/janeczku/calibre-web
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65858
reference_id CVE-2025-65858
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65858
3
reference_url https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md
reference_id CVE-2025-65858.MD
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:12:45Z/
url https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md
4
reference_url https://github.com/advisories/GHSA-pc5g-j9j7-p4q3
reference_id GHSA-pc5g-j9j7-p4q3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pc5g-j9j7-p4q3
fixed_packages
aliases CVE-2025-65858, GHSA-pc5g-j9j7-p4q3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gb1g-yf4f-tygr
2
url VCID-gwc3-dztv-37dw
vulnerability_id VCID-gwc3-dztv-37dw
summary
Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in the strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via a specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6998
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.423
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6998
1
reference_url https://fluidattacks.com/advisories/megadeth
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/
url https://fluidattacks.com/advisories/megadeth
2
reference_url https://github.com/gelbphoenix/autocaliweb
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/
url https://github.com/gelbphoenix/autocaliweb
3
reference_url https://github.com/janeczku/calibre-web
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-24T19:50:08Z/
url https://github.com/janeczku/calibre-web
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6998
reference_id CVE-2025-6998
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6998
5
reference_url https://github.com/advisories/GHSA-2g7m-ph9x-7q7m
reference_id GHSA-2g7m-ph9x-7q7m
reference_type
scores
url https://github.com/advisories/GHSA-2g7m-ph9x-7q7m
fixed_packages
aliases CVE-2025-6998, GHSA-2g7m-ph9x-7q7m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwc3-dztv-37dw
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.24