Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
Typedeb
Namespacedebian
Namembedtls
Version3.6.3-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.6.4-1
Latest_non_vulnerable_version3.6.4-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-gvkn-6e2m-dyez
vulnerability_id VCID-gvkn-6e2m-dyez
summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27809
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.23706
published_at 2026-04-21T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23731
published_at 2026-04-13T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23741
published_at 2026-04-16T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.23729
published_at 2026-04-18T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.23872
published_at 2026-04-02T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23912
published_at 2026-04-04T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23701
published_at 2026-04-07T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.23771
published_at 2026-04-08T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.23818
published_at 2026-04-09T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.23832
published_at 2026-04-11T12:55:00Z
10
value 0.00081
scoring_system epss
scoring_elements 0.23788
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27809
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id 1101499
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
reference_id mbedtls-security-advisory-2025-03-1
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
4
reference_url https://github.com/Mbed-TLS/mbedtls/releases
reference_id releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/
url https://github.com/Mbed-TLS/mbedtls/releases
fixed_packages
0
url pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie
1
url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie
2
url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie
aliases CVE-2025-27809
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvkn-6e2m-dyez
1
url VCID-kchn-2wez-bbb2
vulnerability_id VCID-kchn-2wez-bbb2
summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27810
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.26997
published_at 2026-04-21T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27051
published_at 2026-04-13T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.2706
published_at 2026-04-16T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.27035
published_at 2026-04-18T12:55:00Z
4
value 0.00099
scoring_system epss
scoring_elements 0.27203
published_at 2026-04-02T12:55:00Z
5
value 0.00099
scoring_system epss
scoring_elements 0.27239
published_at 2026-04-04T12:55:00Z
6
value 0.00099
scoring_system epss
scoring_elements 0.27032
published_at 2026-04-07T12:55:00Z
7
value 0.00099
scoring_system epss
scoring_elements 0.27101
published_at 2026-04-08T12:55:00Z
8
value 0.00099
scoring_system epss
scoring_elements 0.27147
published_at 2026-04-09T12:55:00Z
9
value 0.00099
scoring_system epss
scoring_elements 0.27153
published_at 2026-04-11T12:55:00Z
10
value 0.00099
scoring_system epss
scoring_elements 0.27109
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27810
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id 1101499
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
reference_id mbedtls-security-advisory-2025-03-2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
4
reference_url https://github.com/Mbed-TLS/mbedtls/releases
reference_id releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/
url https://github.com/Mbed-TLS/mbedtls/releases
5
reference_url https://usn.ubuntu.com/8123-1/
reference_id USN-8123-1
reference_type
scores
url https://usn.ubuntu.com/8123-1/
fixed_packages
0
url pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie
1
url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie
2
url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie
aliases CVE-2025-27810
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kchn-2wez-bbb2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie