Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/redmine@5.0.0-1?distro=trixie

Type deb

Namespace debian

Name redmine

Version 5.0.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.0.4-1

Latest_non_vulnerable_version 6.0.6+ds-6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1fe1-sdn1-jfcw

vulnerability_id VCID-1fe1-sdn1-jfcw

summary Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31864

reference_id

reference_type

scores

value	0.00217
scoring_system	epss
scoring_elements	0.44255
published_at	2026-04-21T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44212
published_at	2026-04-01T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.4428
published_at	2026-04-02T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44302
published_at	2026-04-04T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44235
published_at	2026-04-07T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44288
published_at	2026-04-08T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44292
published_at	2026-04-09T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.4431
published_at	2026-04-11T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44278
published_at	2026-04-12T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44277
published_at	2026-04-13T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44335
published_at	2026-04-16T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44326
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31864

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id	990792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-31864

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fe1-sdn1-jfcw

url VCID-7nsr-5xpe-vke4

vulnerability_id VCID-7nsr-5xpe-vke4

summary Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31866

reference_id

reference_type

scores

value	0.00442
scoring_system	epss
scoring_elements	0.63306
published_at	2026-04-21T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63196
published_at	2026-04-01T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63255
published_at	2026-04-02T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63284
published_at	2026-04-04T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63249
published_at	2026-04-07T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.633
published_at	2026-04-08T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63318
published_at	2026-04-09T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63335
published_at	2026-04-11T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63319
published_at	2026-04-16T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63283
published_at	2026-04-13T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63327
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31866

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id	990792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-31866

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nsr-5xpe-vke4

url VCID-8cvp-423x-qfga

vulnerability_id VCID-8cvp-423x-qfga

summary Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30164

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43324
published_at	2026-04-21T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43276
published_at	2026-04-01T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43333
published_at	2026-04-02T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43361
published_at	2026-04-04T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43299
published_at	2026-04-07T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43351
published_at	2026-04-08T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43366
published_at	2026-04-09T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43387
published_at	2026-04-11T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43355
published_at	2026-04-12T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.4334
published_at	2026-04-13T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.434
published_at	2026-04-16T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43389
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30164

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
reference_id	986800
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-30164

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cvp-423x-qfga

url VCID-a2t5-u2dx-5fc2

vulnerability_id VCID-a2t5-u2dx-5fc2

summary Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31865

reference_id

reference_type

scores

value	0.00391
scoring_system	epss
scoring_elements	0.60174
published_at	2026-04-18T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60003
published_at	2026-04-01T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60081
published_at	2026-04-02T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60105
published_at	2026-04-04T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60075
published_at	2026-04-07T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60125
published_at	2026-04-08T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60139
published_at	2026-04-09T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.6016
published_at	2026-04-21T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60145
published_at	2026-04-12T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60128
published_at	2026-04-13T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60167
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31865

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id	990792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-31865

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2t5-u2dx-5fc2

url VCID-ghu6-c695-rqf9

vulnerability_id VCID-ghu6-c695-rqf9

summary Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-42326

reference_id

reference_type

scores

value	0.00506
scoring_system	epss
scoring_elements	0.66264
published_at	2026-04-18T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66139
published_at	2026-04-01T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.6618
published_at	2026-04-02T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66207
published_at	2026-04-04T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66176
published_at	2026-04-07T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66224
published_at	2026-04-08T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66237
published_at	2026-04-09T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66257
published_at	2026-04-11T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66245
published_at	2026-04-12T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66214
published_at	2026-04-13T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66249
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-42326

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998417
reference_id	998417
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998417

reference_url

https://security.archlinux.org/AVG-2462

reference_id

AVG-2462

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2462

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-42326

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghu6-c695-rqf9

url VCID-r8j4-1ux4-6ycy

vulnerability_id VCID-r8j4-1ux4-6ycy

summary Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31863

reference_id

reference_type

scores

value	0.0079
scoring_system	epss
scoring_elements	0.73909
published_at	2026-04-21T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73819
published_at	2026-04-01T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73828
published_at	2026-04-02T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73853
published_at	2026-04-04T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73824
published_at	2026-04-07T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73858
published_at	2026-04-08T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73871
published_at	2026-04-09T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73893
published_at	2026-04-11T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73874
published_at	2026-04-12T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73866
published_at	2026-04-13T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73908
published_at	2026-04-16T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73917
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31863

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id	990792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-31863

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8j4-1ux4-6ycy

url VCID-zbef-znuk-eqhr

vulnerability_id VCID-zbef-znuk-eqhr

summary Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30163

reference_id

reference_type

scores

value	0.00495
scoring_system	epss
scoring_elements	0.65812
published_at	2026-04-18T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65678
published_at	2026-04-01T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65728
published_at	2026-04-02T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65758
published_at	2026-04-04T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65723
published_at	2026-04-07T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65776
published_at	2026-04-08T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65787
published_at	2026-04-09T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65807
published_at	2026-04-11T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65793
published_at	2026-04-12T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65763
published_at	2026-04-13T12:55:00Z

value	0.00495
scoring_system	epss
scoring_elements	0.65798
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30163

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
reference_id	986800
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

fixed_packages

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

aliases CVE-2021-30163

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbef-znuk-eqhr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

Package Instance