Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie

Type deb

Namespace debian

Name calibre

Version 9.2.0+ds+~0.10.5-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.3.0+ds+~0.10.5-1

Latest_non_vulnerable_version 9.7.0+ds+~0.10.5-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-jwpx-aqjh-dqej

vulnerability_id VCID-jwpx-aqjh-dqej

summary calibre: Calibre: Remote Code Execution via path traversal in CHM reader

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25635.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25635.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25635

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24132
published_at	2026-04-02T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23956
published_at	2026-04-07T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.2417
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24023
published_at	2026-04-08T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24069
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24087
published_at	2026-04-11T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24043
published_at	2026-04-12T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23986
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26254
published_at	2026-04-16T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26194
published_at	2026-04-21T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26229
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25635

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25635
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25635

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2437936
reference_id	2437936
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2437936

reference_url

https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9

reference_id

9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:48Z/

url

https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9

reference_url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr

reference_id

GHSA-32vh-whvh-9fxr

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:48Z/

url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr

fixed_packages

url	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
purl	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.2.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie

aliases CVE-2026-25635

risk_score 3.9

exploitability 0.5

weighted_severity 7.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwpx-aqjh-dqej

url VCID-vq4p-dvg4-eudz

vulnerability_id VCID-vq4p-dvg4-eudz

summary calibre: Calibre: Arbitrary file corruption via path traversal in EPUB conversion

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25636

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.05964
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05948
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05981
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06003
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06041
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06031
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06022
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06014
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07061
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07085
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07192
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2437730
reference_id	2437730
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2437730

reference_url

https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726

reference_id

9484ea82c6ab226c18e6ca5aa000fa16de598726

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/

url

https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726

reference_url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29

reference_id

GHSA-8r26-m7j5-hm29

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/

url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29

fixed_packages

url	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
purl	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.2.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie

aliases CVE-2026-25636

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq4p-dvg4-eudz

url VCID-zhz3-1799-a7hk

vulnerability_id VCID-zhz3-1799-a7hk

summary calibre: Calibre: Arbitrary Code Execution via malicious custom template file during ebook conversion

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25731.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25731.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25731

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01247
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01166
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01177
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00905
published_at	2026-04-02T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00898
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00893
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00895
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00907
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.0091
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00913
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25731

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25731
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25731

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2437917
reference_id	2437917
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2437917

reference_url

https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379

reference_id

f0649b27512e987b95fcab2e1e0a3bcdafc23379

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-06T21:01:31Z/

url

https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379

reference_url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc

reference_id

GHSA-xrh9-w7qx-3gcc

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-06T21:01:31Z/

url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc

fixed_packages

url	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
purl	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.2.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie

aliases CVE-2026-25731

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhz3-1799-a7hk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.2.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

Package Instance