Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
Typedeb
Namespacedebian
Namecurl
Version8.18.0~rc2-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.18.0~rc3-1
Latest_non_vulnerable_version8.20.0~rc2-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-kt4b-7ffh-4bch
vulnerability_id VCID-kt4b-7ffh-4bch
summary 
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`
with the curl tool,curl should check the public key of the server certificate
to verify the peer.

This check was skipped in a certain condition that would then make curl allow
the connection without performing the proper check, thus not noticing a
possible impostor. To skip this check, the connection had to be done with QUIC
with ngtcp2 built to use GnuTLS and the user had to explicitly disable the
standard certificate verification.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01204
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01212
published_at 2026-04-18T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01226
published_at 2026-04-08T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0123
published_at 2026-04-09T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01213
published_at 2026-04-11T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01207
published_at 2026-04-12T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01209
published_at 2026-04-13T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.012
published_at 2026-04-16T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01211
published_at 2026-04-04T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.0122
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
2
reference_url https://curl.se/docs/CVE-2025-13034.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
reference_id 2426406
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
5
reference_url https://curl.se/docs/CVE-2025-13034.json
reference_id CVE-2025-13034.json
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.json
6
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:deb/debian/curl@0?distro=trixie
purl pkg:deb/debian/curl@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie
1
url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie
purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-2szj-xvgq-pkfr
2
vulnerability VCID-4e1k-7bj9-hfch
3
vulnerability VCID-4gze-cwtp-2bgr
4
vulnerability VCID-4seq-hvbx-7fg8
5
vulnerability VCID-56wg-yafz-gkgx
6
vulnerability VCID-6we4-n888-6qhe
7
vulnerability VCID-8zks-th64-33b8
8
vulnerability VCID-ddgz-rczw-jqfw
9
vulnerability VCID-etzn-uhck-h7b2
10
vulnerability VCID-mkyr-w79c-qqfz
11
vulnerability VCID-nvzd-v3bs-6qek
12
vulnerability VCID-pwn6-j8vf-rufk
13
vulnerability VCID-qbpd-star-6fgn
14
vulnerability VCID-qpux-jh6k-8qhx
15
vulnerability VCID-vbbv-k1r7-kkas
16
vulnerability VCID-x57x-w8g8-7ybz
17
vulnerability VCID-xpss-yndr-mycj
18
vulnerability VCID-yaas-j3qk-kfdg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie
2
url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-2szj-xvgq-pkfr
2
vulnerability VCID-5xp7-mcsa-uqd4
3
vulnerability VCID-6we4-n888-6qhe
4
vulnerability VCID-8zks-th64-33b8
5
vulnerability VCID-etzn-uhck-h7b2
6
vulnerability VCID-ksap-zrmb-ebcu
7
vulnerability VCID-mkyr-w79c-qqfz
8
vulnerability VCID-nvzd-v3bs-6qek
9
vulnerability VCID-qpux-jh6k-8qhx
10
vulnerability VCID-vbbv-k1r7-kkas
11
vulnerability VCID-x57x-w8g8-7ybz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie
3
url pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
purl pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc2-1%3Fdistro=trixie
4
url pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie
5
url pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie
aliases CVE-2025-13034
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt4b-7ffh-4bch
1
url VCID-mkyr-w79c-qqfz
vulnerability_id VCID-mkyr-w79c-qqfz
summary curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14017
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00584
published_at 2026-04-18T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.00595
published_at 2026-04-07T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00587
published_at 2026-04-09T12:55:00Z
3
value 7e-05
scoring_system epss
scoring_elements 0.00586
published_at 2026-04-11T12:55:00Z
4
value 7e-05
scoring_system epss
scoring_elements 0.00582
published_at 2026-04-12T12:55:00Z
5
value 7e-05
scoring_system epss
scoring_elements 0.00583
published_at 2026-04-13T12:55:00Z
6
value 7e-05
scoring_system epss
scoring_elements 0.00579
published_at 2026-04-16T12:55:00Z
7
value 7e-05
scoring_system epss
scoring_elements 0.006
published_at 2026-04-02T12:55:00Z
8
value 7e-05
scoring_system epss
scoring_elements 0.00593
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14017
2
reference_url https://curl.se/docs/CVE-2025-14017.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/
url https://curl.se/docs/CVE-2025-14017.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427870
reference_id 2427870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427870
6
reference_url https://curl.se/docs/CVE-2025-14017.json
reference_id CVE-2025-14017.json
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/
url https://curl.se/docs/CVE-2025-14017.json
7
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
8
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
purl pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie
2
url pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie
aliases CVE-2025-14017
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyr-w79c-qqfz
2
url VCID-x57x-w8g8-7ybz
vulnerability_id VCID-x57x-w8g8-7ybz
summary When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14524
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07128
published_at 2026-04-02T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07127
published_at 2026-04-18T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07177
published_at 2026-04-04T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07151
published_at 2026-04-07T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07206
published_at 2026-04-08T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07237
published_at 2026-04-09T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07234
published_at 2026-04-11T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07222
published_at 2026-04-12T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07212
published_at 2026-04-13T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.0715
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14524
2
reference_url https://curl.se/docs/CVE-2025-14524.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://curl.se/docs/CVE-2025-14524.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3459417
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://hackerone.com/reports/3459417
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426407
reference_id 2426407
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426407
7
reference_url https://curl.se/docs/CVE-2025-14524.json
reference_id CVE-2025-14524.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://curl.se/docs/CVE-2025-14524.json
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
purl pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie
2
url pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie
aliases CVE-2025-14524
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x57x-w8g8-7ybz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc2-1%3Fdistro=trixie