Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/redmine@0?distro=trixie

Type deb

Namespace debian

Name redmine

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.9.0~svn2902-1

Latest_non_vulnerable_version 6.0.6+ds-6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3xup-fkaz-e7hu

vulnerability_id VCID-3xup-fkaz-e7hu

summary A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4011

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.40361
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40163
published_at	2026-04-24T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40242
published_at	2026-04-21T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40318
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.4035
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40303
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.4036
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40349
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40337
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40286
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40336
published_at	2026-04-02T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40323
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4011

reference_url

https://www.redmine.org/versions/206

reference_id

206

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://www.redmine.org/versions/206

reference_url

https://www.redmine.org/issues/42238

reference_id

42238

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://www.redmine.org/issues/42238

reference_url

https://vuldb.com/?ctiid.306364

reference_id

?ctiid.306364

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://vuldb.com/?ctiid.306364

reference_url

https://vuldb.com/?id.306364

reference_id

?id.306364

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://vuldb.com/?id.306364

reference_url

https://vuldb.com/?submit.558240

reference_id

?submit.558240

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/

url

https://vuldb.com/?submit.558240

fixed_packages

url	pkg:deb/debian/redmine@0?distro=trixie
purl	pkg:deb/debian/redmine@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.4%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2025-4011

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xup-fkaz-e7hu

url VCID-pwfc-n1q7-b7e4

vulnerability_id VCID-pwfc-n1q7-b7e4

summary Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37156

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48041
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47989
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48048
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47998
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48051
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48044
published_at	2026-04-09T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48069
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48045
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48057
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48109
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48104
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4806
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37156

reference_url

https://security.archlinux.org/AVG-1920

reference_id

AVG-1920

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1920

fixed_packages

url	pkg:deb/debian/redmine@0?distro=trixie
purl	pkg:deb/debian/redmine@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-37156

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwfc-n1q7-b7e4

url VCID-yjxe-atwc-6yec

vulnerability_id VCID-yjxe-atwc-6yec

summary Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29274

reference_id

reference_type

scores

value	0.00323
scoring_system	epss
scoring_elements	0.55325
published_at	2026-04-24T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55244
published_at	2026-04-01T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55343
published_at	2026-04-02T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55368
published_at	2026-04-04T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55346
published_at	2026-04-07T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55396
published_at	2026-04-09T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55407
published_at	2026-04-18T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55385
published_at	2026-04-12T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55367
published_at	2026-04-13T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55402
published_at	2026-04-16T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55386
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29274

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@0?distro=trixie
purl	pkg:deb/debian/redmine@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-29274

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjxe-atwc-6yec

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie

Package Instance