Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:mozilla/Thunderbird@128.9.2
Typemozilla
Namespace
NameThunderbird
Version128.9.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version128.10.0
Latest_non_vulnerable_version149.0.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-rfve-tkv7-13dv
vulnerability_id VCID-rfve-tkv7-13dv
summary 
Thunderbird processes the X-Mozilla-External-Attachment-URL header
to handle attachments which can be hosted externally. When an
email is opened, Thunderbird accesses the specified URL to 
determine file size, and navigates to it when the user clicks the
attachment. Because the URL is not validated or sanitized, it can
reference internal resources like chrome:// or SMB share file:// links,
potentially leading to hashed Windows credential leakage and opening the
door to more serious security issues.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3522
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45837
published_at 2026-04-21T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45872
published_at 2026-04-11T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45796
published_at 2026-04-07T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45853
published_at 2026-04-08T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.4585
published_at 2026-04-09T12:55:00Z
5
value 0.0023
scoring_system epss
scoring_elements 0.45824
published_at 2026-04-02T12:55:00Z
6
value 0.0023
scoring_system epss
scoring_elements 0.45892
published_at 2026-04-18T12:55:00Z
7
value 0.0023
scoring_system epss
scoring_elements 0.45898
published_at 2026-04-16T12:55:00Z
8
value 0.0023
scoring_system epss
scoring_elements 0.45845
published_at 2026-04-13T12:55:00Z
9
value 0.0023
scoring_system epss
scoring_elements 0.45842
published_at 2026-04-12T12:55:00Z
10
value 0.0023
scoring_system epss
scoring_elements 0.45846
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3522
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359793
reference_id 2359793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359793
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1955372
reference_id show_bug.cgi?id=1955372
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1955372
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
0
url pkg:mozilla/Thunderbird@128.9.2
purl pkg:mozilla/Thunderbird@128.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@128.9.2
1
url pkg:mozilla/Thunderbird@137.0.2
purl pkg:mozilla/Thunderbird@137.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@137.0.2
aliases CVE-2025-3522
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@128.9.2