Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/shadow@0?distro=trixie

Type deb

Namespace debian

Name shadow

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:4.0.3-35

Latest_non_vulnerable_version 1:4.19.3-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2rhw-3aa1-k3fe

vulnerability_id VCID-2rhw-3aa1-k3fe

summary Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.

references

reference_url	http://marc.info/?l=vuln-dev&m=100999352406822&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=vuln-dev&m=100999352406822&w=2

reference_url	http://marc.info/?l=vulnwatch&m=100998205010794&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=vulnwatch&m=100998205010794&w=2

reference_url	http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm
reference_id
reference_type
scores
url	http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2002-1594

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.38704
published_at	2026-04-21T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38674
published_at	2026-04-01T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38802
published_at	2026-04-02T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38822
published_at	2026-04-04T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.3875
published_at	2026-04-07T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.388
published_at	2026-04-08T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38811
published_at	2026-04-09T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38823
published_at	2026-04-11T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38787
published_at	2026-04-12T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38759
published_at	2026-04-13T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38805
published_at	2026-04-16T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38783
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2002-1594

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/7857
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/7857

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/7859
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/7859

reference_url	http://www.kb.cert.org/vuls/id/121891
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/121891

reference_url	http://www.kb.cert.org/vuls/id/877811
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/877811

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:grpck:grpck::::::::
reference_id	cpe:2.3:a:grpck:grpck::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:grpck:grpck::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pwck:pwck::::::::
reference_id	cpe:2.3:a:pwck:pwck::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pwck:pwck::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2002-1594

reference_id

CVE-2002-1594

reference_type

scores

value	7.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:C/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2002-1594

fixed_packages

url	pkg:deb/debian/shadow@0?distro=trixie
purl	pkg:deb/debian/shadow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@0%3Fdistro=trixie

url pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

purl pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-shuq-ufcc-ruf5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.17.4-2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-2%3Fdistro=trixie

aliases CVE-2002-1594

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhw-3aa1-k3fe

url VCID-nx6h-9y1e-2ybh

vulnerability_id VCID-nx6h-9y1e-2ybh

summary The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-1183

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26887
published_at	2026-04-01T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26927
published_at	2026-04-02T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26963
published_at	2026-04-04T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26754
published_at	2026-04-07T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26822
published_at	2026-04-08T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26869
published_at	2026-04-09T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26872
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26828
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26771
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26778
published_at	2026-04-16T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2675
published_at	2026-04-18T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26712
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-1183

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/1579.pl
reference_id	OSVDB-23868;CVE-2006-1183
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/1579.pl

fixed_packages

url	pkg:deb/debian/shadow@0?distro=trixie
purl	pkg:deb/debian/shadow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@0%3Fdistro=trixie

url pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

purl pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-shuq-ufcc-ruf5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.17.4-2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-2%3Fdistro=trixie

aliases CVE-2006-1183

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx6h-9y1e-2ybh

url VCID-w9fj-dfb7-z3gd

vulnerability_id VCID-w9fj-dfb7-z3gd

summary shadow-utils: useradd-mkdirs.patch creates intermediate directories with 0777

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16588.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16588.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16588

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13543
published_at	2026-04-01T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13643
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13704
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13507
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13588
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13638
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13609
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13573
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13525
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13438
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13433
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16588

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1626123
reference_id	1626123
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1626123

fixed_packages

url	pkg:deb/debian/shadow@0?distro=trixie
purl	pkg:deb/debian/shadow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@0%3Fdistro=trixie

url pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

purl pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-shuq-ufcc-ruf5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.17.4-2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-2%3Fdistro=trixie

aliases CVE-2018-16588

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9fj-dfb7-z3gd

url VCID-y9eh-xkcp-wqcs

vulnerability_id VCID-y9eh-xkcp-wqcs

summary passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-3597

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17567
published_at	2026-04-01T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.1773
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17777
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17505
published_at	2026-04-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17594
published_at	2026-04-08T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17655
published_at	2026-04-09T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17673
published_at	2026-04-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17626
published_at	2026-04-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17574
published_at	2026-04-13T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17519
published_at	2026-04-16T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17528
published_at	2026-04-18T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17562
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-3597

fixed_packages

url	pkg:deb/debian/shadow@0?distro=trixie
purl	pkg:deb/debian/shadow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@0%3Fdistro=trixie

url pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

purl pkg:deb/debian/shadow@1:4.8.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-shuq-ufcc-ruf5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.17.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.17.4-2%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-1%3Fdistro=trixie

url	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
purl	pkg:deb/debian/shadow@1:4.19.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.19.3-2%3Fdistro=trixie

aliases CVE-2006-3597

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9eh-xkcp-wqcs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@0%3Fdistro=trixie

Package Instance