Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ruby2.7@0?distro=bullseye
Typedeb
Namespacedebian
Nameruby2.7
Version0
Qualifiers
distro bullseye
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.7.1-1
Latest_non_vulnerable_version2.7.4-1+deb11u5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-d6tn-s1q2-a3hc
vulnerability_id VCID-d6tn-s1q2-a3hc
summary 
Unsafe object creation in json RubyGem
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10663
reference_id
reference_type
scores
0
value 0.07526
scoring_system epss
scoring_elements 0.91832
published_at 2026-04-16T12:55:00Z
1
value 0.07526
scoring_system epss
scoring_elements 0.91813
published_at 2026-04-13T12:55:00Z
2
value 0.07526
scoring_system epss
scoring_elements 0.91817
published_at 2026-04-12T12:55:00Z
3
value 0.07526
scoring_system epss
scoring_elements 0.91815
published_at 2026-04-11T12:55:00Z
4
value 0.07526
scoring_system epss
scoring_elements 0.91812
published_at 2026-04-09T12:55:00Z
5
value 0.07526
scoring_system epss
scoring_elements 0.91805
published_at 2026-04-08T12:55:00Z
6
value 0.07526
scoring_system epss
scoring_elements 0.91792
published_at 2026-04-07T12:55:00Z
7
value 0.07526
scoring_system epss
scoring_elements 0.91779
published_at 2026-04-02T12:55:00Z
8
value 0.07526
scoring_system epss
scoring_elements 0.9177
published_at 2026-04-01T12:55:00Z
9
value 0.07526
scoring_system epss
scoring_elements 0.91784
published_at 2026-04-04T12:55:00Z
10
value 0.07526
scoring_system epss
scoring_elements 0.91833
published_at 2026-04-24T12:55:00Z
11
value 0.07526
scoring_system epss
scoring_elements 0.91827
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
5
reference_url http://seclists.org/fulldisclosure/2020/Dec/32
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2020/Dec/32
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/flori/json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/flori/json
8
reference_url https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml
10
reference_url https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E
19
reference_url https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10663
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10663
27
reference_url https://security.netapp.com/advisory/ntap-20210129-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210129-0003
28
reference_url https://security.netapp.com/advisory/ntap-20210129-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210129-0003/
29
reference_url https://support.apple.com/kb/HT211931
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT211931
30
reference_url https://www.debian.org/security/2020/dsa-4721
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4721
31
reference_url https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663
32
reference_url https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1827500
reference_id 1827500
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1827500
34
reference_url https://github.com/advisories/GHSA-jphg-qwrw-7w9g
reference_id GHSA-jphg-qwrw-7w9g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jphg-qwrw-7w9g
35
reference_url https://access.redhat.com/errata/RHSA-2020:2462
reference_id RHSA-2020:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2462
36
reference_url https://access.redhat.com/errata/RHSA-2020:2473
reference_id RHSA-2020:2473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2473
37
reference_url https://access.redhat.com/errata/RHSA-2020:2670
reference_id RHSA-2020:2670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2670
38
reference_url https://access.redhat.com/errata/RHSA-2021:2104
reference_id RHSA-2021:2104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2104
39
reference_url https://access.redhat.com/errata/RHSA-2021:2230
reference_id RHSA-2021:2230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2230
40
reference_url https://access.redhat.com/errata/RHSA-2021:2587
reference_id RHSA-2021:2587
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2587
41
reference_url https://access.redhat.com/errata/RHSA-2021:2588
reference_id RHSA-2021:2588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2588
42
reference_url https://access.redhat.com/errata/RHSA-2022:0581
reference_id RHSA-2022:0581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0581
43
reference_url https://access.redhat.com/errata/RHSA-2022:0582
reference_id RHSA-2022:0582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0582
44
reference_url https://usn.ubuntu.com/4882-1/
reference_id USN-4882-1
reference_type
scores
url https://usn.ubuntu.com/4882-1/
fixed_packages
0
url pkg:deb/debian/ruby2.7@0?distro=bullseye
purl pkg:deb/debian/ruby2.7@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@0%3Fdistro=bullseye
1
url pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
purl pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@2.7.4-1%252Bdeb11u1%3Fdistro=bullseye
aliases CVE-2020-10663, GHSA-jphg-qwrw-7w9g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tn-s1q2-a3hc
1
url VCID-jgyw-q58q-7qgm
vulnerability_id VCID-jgyw-q58q-7qgm
summary 
Tempfile on Windows path traversal vulnerability
There is an unintentional directory creation vulnerability in `tmpdir` library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28966
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57281
published_at 2026-04-13T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57241
published_at 2026-04-24T12:55:00Z
2
value 0.00347
scoring_system epss
scoring_elements 0.57284
published_at 2026-04-21T12:55:00Z
3
value 0.00347
scoring_system epss
scoring_elements 0.57305
published_at 2026-04-18T12:55:00Z
4
value 0.00347
scoring_system epss
scoring_elements 0.57173
published_at 2026-04-01T12:55:00Z
5
value 0.00347
scoring_system epss
scoring_elements 0.57254
published_at 2026-04-02T12:55:00Z
6
value 0.00347
scoring_system epss
scoring_elements 0.57277
published_at 2026-04-04T12:55:00Z
7
value 0.00347
scoring_system epss
scoring_elements 0.57255
published_at 2026-04-07T12:55:00Z
8
value 0.00347
scoring_system epss
scoring_elements 0.57307
published_at 2026-04-08T12:55:00Z
9
value 0.00347
scoring_system epss
scoring_elements 0.57309
published_at 2026-04-16T12:55:00Z
10
value 0.00347
scoring_system epss
scoring_elements 0.57322
published_at 2026-04-11T12:55:00Z
11
value 0.00347
scoring_system epss
scoring_elements 0.57302
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28966
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/tmpdir/CVE-2021-28966.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/tmpdir/CVE-2021-28966.yml
2
reference_url https://github.com/ruby/tmpdir
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/tmpdir
3
reference_url https://github.com/ruby/tmpdir/commit/93798c01cb7c10476e50a4d80130a329ba47f348
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/tmpdir/commit/93798c01cb7c10476e50a4d80130a329ba47f348
4
reference_url https://github.com/ruby/tmpdir/pull/8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/tmpdir/pull/8
5
reference_url https://hackerone.com/reports/1131465
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1131465
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28966
7
reference_url https://rubygems.org/gems/tmpdir
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/tmpdir
8
reference_url https://security.netapp.com/advisory/ntap-20210902-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210902-0004
9
reference_url https://security.netapp.com/advisory/ntap-20210902-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210902-0004/
10
reference_url https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966
11
reference_url https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966/
12
reference_url https://github.com/advisories/GHSA-46f2-3v63-3xrp
reference_id GHSA-46f2-3v63-3xrp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46f2-3v63-3xrp
fixed_packages
0
url pkg:deb/debian/ruby2.7@0?distro=bullseye
purl pkg:deb/debian/ruby2.7@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@0%3Fdistro=bullseye
1
url pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
purl pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@2.7.4-1%252Bdeb11u1%3Fdistro=bullseye
aliases CVE-2021-28966, GHSA-46f2-3v63-3xrp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgyw-q58q-7qgm
2
url VCID-qwh3-25yu-qfga
vulnerability_id VCID-qwh3-25yu-qfga
summary Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28738.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28738.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28738
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.58928
published_at 2026-04-24T12:55:00Z
1
value 0.00371
scoring_system epss
scoring_elements 0.58964
published_at 2026-04-16T12:55:00Z
2
value 0.00371
scoring_system epss
scoring_elements 0.58945
published_at 2026-04-21T12:55:00Z
3
value 0.00371
scoring_system epss
scoring_elements 0.58902
published_at 2026-04-02T12:55:00Z
4
value 0.00371
scoring_system epss
scoring_elements 0.58923
published_at 2026-04-04T12:55:00Z
5
value 0.00371
scoring_system epss
scoring_elements 0.5889
published_at 2026-04-07T12:55:00Z
6
value 0.00371
scoring_system epss
scoring_elements 0.58942
published_at 2026-04-08T12:55:00Z
7
value 0.00371
scoring_system epss
scoring_elements 0.58948
published_at 2026-04-09T12:55:00Z
8
value 0.00371
scoring_system epss
scoring_elements 0.58967
published_at 2026-04-18T12:55:00Z
9
value 0.00371
scoring_system epss
scoring_elements 0.58949
published_at 2026-04-12T12:55:00Z
10
value 0.00371
scoring_system epss
scoring_elements 0.5893
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28738
2
reference_url https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2075685
reference_id 2075685
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2075685
4
reference_url https://security.archlinux.org/AVG-2757
reference_id AVG-2757
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2757
5
reference_url https://access.redhat.com/errata/RHSA-2022:6450
reference_id RHSA-2022:6450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6450
6
reference_url https://access.redhat.com/errata/RHSA-2022:6585
reference_id RHSA-2022:6585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6585
7
reference_url https://access.redhat.com/errata/RHSA-2022:6855
reference_id RHSA-2022:6855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6855
8
reference_url https://usn.ubuntu.com/5462-1/
reference_id USN-5462-1
reference_type
scores
url https://usn.ubuntu.com/5462-1/
fixed_packages
0
url pkg:deb/debian/ruby2.7@0?distro=bullseye
purl pkg:deb/debian/ruby2.7@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@0%3Fdistro=bullseye
1
url pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
purl pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@2.7.4-1%252Bdeb11u1%3Fdistro=bullseye
aliases CVE-2022-28738, GHSA-8pqg-8p79-j5j8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwh3-25yu-qfga
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@0%3Fdistro=bullseye