Lookup for vulnerable packages by Package URL.

Purl pkg:composer/unopim/unopim@0.3.1
Type composer
Namespace unopim
Name unopim
Version 0.3.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-59jz-qr5e-hkg3
vulnerability_id VCID-59jz-qr5e-hkg3
summary
UnoPim has CSV Injection on Quick Export feature
Description:
`CSV Injection` or `Formula Injection` is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software automatically interprets certain text patterns as formulas or commands, rather than plain text.
references
0
reference_url https://drive.proton.me/urls/3TP1QEMXNC#2PAy7OkVqdP3
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://drive.proton.me/urls/3TP1QEMXNC#2PAy7OkVqdP3
1
reference_url https://github.com/unopim/unopim
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim
2
reference_url https://github.com/unopim/unopim/commit/8325b78567411ad78d44c0385f192360e608ff71
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim/commit/8325b78567411ad78d44c0385f192360e608ff71
3
reference_url https://github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55745
reference_id CVE-2025-55745
reference_type
scores
0
value 2.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55745
5
reference_url https://github.com/advisories/GHSA-74rg-6f92-g6wx
reference_id GHSA-74rg-6f92-g6wx
reference_type
scores
url https://github.com/advisories/GHSA-74rg-6f92-g6wx
6
reference_url https://github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx
reference_id GHSA-74rg-6f92-g6wx
reference_type
scores
0
value 2.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx
fixed_packages
0
url pkg:composer/unopim/unopim@0.3.1
purl pkg:composer/unopim/unopim@0.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.1
aliases CVE-2025-55745, GHSA-74rg-6f92-g6wx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-59jz-qr5e-hkg3
1
url VCID-ste2-yppe-uqcd
vulnerability_id VCID-ste2-yppe-uqcd
summary
UnoPim has Broken Access Control
In UnoPim, it is possible to create roles and choose their privileges. Users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint (expected behavior), but can still delete products via the mass-delete endpoint, even when the request contains only one product ID.
references
0
reference_url https://github.com/unopim/unopim
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim
1
reference_url https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989
2
reference_url https://github.com/unopim/unopim/commit/f49fa630afd36ff61c146b3e5bc7a0808667ca19
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim/commit/f49fa630afd36ff61c146b3e5bc7a0808667ca19
3
reference_url https://www.youtube.com/watch?v=J_WV8fCXlJM
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.youtube.com/watch?v=J_WV8fCXlJM
4
reference_url https://youtu.be/J_WV8fCXlJM
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://youtu.be/J_WV8fCXlJM
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55741
reference_id CVE-2025-55741
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55741
6
reference_url https://github.com/advisories/GHSA-8p2f-fx4q-75cx
reference_id GHSA-8p2f-fx4q-75cx
reference_type
scores
url https://github.com/advisories/GHSA-8p2f-fx4q-75cx
7
reference_url https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx
reference_id GHSA-8p2f-fx4q-75cx
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx
fixed_packages
0
url pkg:composer/unopim/unopim@0.3.1
purl pkg:composer/unopim/unopim@0.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.1
aliases CVE-2025-55741, GHSA-8p2f-fx4q-75cx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ste2-yppe-uqcd
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.1