Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/thunderbird@128.9.2-1?arch=el8_10
Type rpm
Namespace redhat
Name thunderbird
Version 128.9.2-1
Qualifiers
arch el8_10
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-jyns-kqp9-4ygh
vulnerability_id VCID-jyns-kqp9-4ygh
summary
By crafting a malformed file name for an attachment in a multipart
message, an attacker can trick Thunderbird into including a
directory listing of /tmp when the message is forwarded or edited
as a new message. This vulnerability could allow attackers to
disclose sensitive information from the victim's system. This
vulnerability is not limited to Linux; similar behavior has been
observed on Windows as well.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2830
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45075
published_at 2026-04-21T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.4509
published_at 2026-04-09T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45037
published_at 2026-04-07T12:55:00Z
3
value 0.00224
scoring_system epss
scoring_elements 0.45089
published_at 2026-04-08T12:55:00Z
4
value 0.00224
scoring_system epss
scoring_elements 0.45112
published_at 2026-04-11T12:55:00Z
5
value 0.00224
scoring_system epss
scoring_elements 0.45072
published_at 2026-04-02T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45124
published_at 2026-04-18T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.45131
published_at 2026-04-16T12:55:00Z
8
value 0.00224
scoring_system epss
scoring_elements 0.45082
published_at 2026-04-13T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.4508
published_at 2026-04-12T12:55:00Z
10
value 0.00224
scoring_system epss
scoring_elements 0.45094
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359789
reference_id 2359789
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359789
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1956379
reference_id show_bug.cgi?id=1956379
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1956379
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
aliases CVE-2025-2830
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyns-kqp9-4ygh
1
url VCID-n9jq-77ud-v7c9
vulnerability_id VCID-n9jq-77ud-v7c9
summary
When an email contains multiple attachments with external links
via the X-Mozilla-External-Attachment-URL header, only the last
link is shown when hovering over any attachment. Although the
correct link is used on click, the misleading hover text could
trick users into downloading content from untrusted sources.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3523
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47696
published_at 2026-04-21T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47689
published_at 2026-04-08T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47684
published_at 2026-04-09T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47634
published_at 2026-04-07T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47708
published_at 2026-04-11T12:55:00Z
5
value 0.00244
scoring_system epss
scoring_elements 0.47664
published_at 2026-04-02T12:55:00Z
6
value 0.00244
scoring_system epss
scoring_elements 0.47743
published_at 2026-04-18T12:55:00Z
7
value 0.00244
scoring_system epss
scoring_elements 0.47751
published_at 2026-04-16T12:55:00Z
8
value 0.00244
scoring_system epss
scoring_elements 0.47694
published_at 2026-04-13T12:55:00Z
9
value 0.00244
scoring_system epss
scoring_elements 0.47685
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3523
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359786
reference_id 2359786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359786
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1958385
reference_id show_bug.cgi?id=1958385
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1958385
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
aliases CVE-2025-3523
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9jq-77ud-v7c9
2
url VCID-rfve-tkv7-13dv
vulnerability_id VCID-rfve-tkv7-13dv
summary
Thunderbird processes the X-Mozilla-External-Attachment-URL header
to handle attachments which can be hosted externally. When an
email is opened, Thunderbird accesses the specified URL to 
determine file size, and navigates to it when the user clicks the
attachment. Because the URL is not validated or sanitized, it can
reference internal resources like chrome:// or SMB share file:// links,
potentially leading to hashed Windows credential leakage and opening the
door to more serious security issues.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3522
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45837
published_at 2026-04-21T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45872
published_at 2026-04-11T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45796
published_at 2026-04-07T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45853
published_at 2026-04-08T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.4585
published_at 2026-04-09T12:55:00Z
5
value 0.0023
scoring_system epss
scoring_elements 0.45824
published_at 2026-04-02T12:55:00Z
6
value 0.0023
scoring_system epss
scoring_elements 0.45892
published_at 2026-04-18T12:55:00Z
7
value 0.0023
scoring_system epss
scoring_elements 0.45898
published_at 2026-04-16T12:55:00Z
8
value 0.0023
scoring_system epss
scoring_elements 0.45845
published_at 2026-04-13T12:55:00Z
9
value 0.0023
scoring_system epss
scoring_elements 0.45842
published_at 2026-04-12T12:55:00Z
10
value 0.0023
scoring_system epss
scoring_elements 0.45846
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3522
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359793
reference_id 2359793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359793
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
reference_id mfsa2025-26
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-26
6
reference_url https://www.mozilla.org/security/advisories/mfsa2025-26/
reference_id mfsa2025-26
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://www.mozilla.org/security/advisories/mfsa2025-26/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
reference_id mfsa2025-27
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-27
8
reference_url https://www.mozilla.org/security/advisories/mfsa2025-27/
reference_id mfsa2025-27
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://www.mozilla.org/security/advisories/mfsa2025-27/
9
reference_url https://access.redhat.com/errata/RHSA-2025:4229
reference_id RHSA-2025:4229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4229
10
reference_url https://access.redhat.com/errata/RHSA-2025:4389
reference_id RHSA-2025:4389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4389
11
reference_url https://access.redhat.com/errata/RHSA-2025:4512
reference_id RHSA-2025:4512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4512
12
reference_url https://access.redhat.com/errata/RHSA-2025:4513
reference_id RHSA-2025:4513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4513
13
reference_url https://access.redhat.com/errata/RHSA-2025:4514
reference_id RHSA-2025:4514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4514
14
reference_url https://access.redhat.com/errata/RHSA-2025:4617
reference_id RHSA-2025:4617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4617
15
reference_url https://access.redhat.com/errata/RHSA-2025:4649
reference_id RHSA-2025:4649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4649
16
reference_url https://access.redhat.com/errata/RHSA-2025:4654
reference_id RHSA-2025:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4654
17
reference_url https://access.redhat.com/errata/RHSA-2025:4665
reference_id RHSA-2025:4665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4665
18
reference_url https://access.redhat.com/errata/RHSA-2025:7435
reference_id RHSA-2025:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7435
19
reference_url https://access.redhat.com/errata/RHSA-2025:7507
reference_id RHSA-2025:7507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7507
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1955372
reference_id show_bug.cgi?id=1955372
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1955372
21
reference_url https://usn.ubuntu.com/7663-1/
reference_id USN-7663-1
reference_type
scores
url https://usn.ubuntu.com/7663-1/
fixed_packages
aliases CVE-2025-3522
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@128.9.2-1%3Farch=el8_10