Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/calibre@9.4.0%2Bds%2B~0.10.5-1?distro=trixie
Type deb
Namespace debian
Name calibre
Version 9.4.0+ds+~0.10.5-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 9.5.0+ds+~0.10.5-1
Latest_non_vulnerable_version 9.7.0+ds+~0.10.5-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hgmk-8s7s-tfdb
vulnerability_id VCID-hgmk-8s7s-tfdb
summary calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27810
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16338
published_at 2026-04-21T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16303
published_at 2026-04-18T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16461
published_at 2026-04-02T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16523
published_at 2026-04-04T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16319
published_at 2026-04-07T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16404
published_at 2026-04-08T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16463
published_at 2026-04-09T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16448
published_at 2026-04-11T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16409
published_at 2026-04-12T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16346
published_at 2026-04-13T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16283
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27810
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27810
2
reference_url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw
reference_id GHSA-5fpj-fxw7-8grw
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T12:53:21Z/
url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw
fixed_packages
0
url pkg:deb/debian/calibre@9.4.0%2Bds%2B~0.10.5-1?distro=trixie
purl pkg:deb/debian/calibre@9.4.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.4.0%252Bds%252B~0.10.5-1%3Fdistro=trixie
1
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie
2
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie
3
url pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie
aliases CVE-2026-27810
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgmk-8s7s-tfdb
1
url VCID-nj3z-4ya4-bqf7
vulnerability_id VCID-nj3z-4ya4-bqf7
summary calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X-Forwarded-For` header is read directly from the HTTP request without any validation or trusted-proxy configuration, an attacker can bypass IP-based bans by simply changing or adding this header, rendering the brute-force protection completely ineffective. This is particularly dangerous for calibre servers exposed to the internet, where brute-force protection is the primary defense against credential stuffing and password guessing attacks. Version 9.4.0 contains a fix for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27824
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05368
published_at 2026-04-02T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05398
published_at 2026-04-04T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05405
published_at 2026-04-07T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.0544
published_at 2026-04-08T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05461
published_at 2026-04-09T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07605
published_at 2026-04-18T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07756
published_at 2026-04-21T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07722
published_at 2026-04-11T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07707
published_at 2026-04-12T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07692
published_at 2026-04-13T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07617
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27824
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27824
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27824
2
reference_url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw
reference_id GHSA-vhxc-r7v8-2xrw
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T12:54:19Z/
url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw
fixed_packages
0
url pkg:deb/debian/calibre@9.4.0%2Bds%2B~0.10.5-1?distro=trixie
purl pkg:deb/debian/calibre@9.4.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.4.0%252Bds%252B~0.10.5-1%3Fdistro=trixie
1
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie
2
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie
3
url pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie
aliases CVE-2026-27824
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj3z-4ya4-bqf7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.4.0%252Bds%252B~0.10.5-1%3Fdistro=trixie