Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-7xea-ge93-yuee
Summary
Aliases
0
alias CVE-2022-38649
1
alias GHSA-7wqf-h36w-47mc
Fixed_packages
0
url pkg:pypi/apache-airflow@2.3.0
purl pkg:pypi/apache-airflow@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1963-1kyn-2ban
1
vulnerability VCID-1azm-hsvr-f3e8
2
vulnerability VCID-1ptn-xvsy-d3hu
3
vulnerability VCID-2q7x-bua5-37h7
4
vulnerability VCID-4693-xwwu-7uem
5
vulnerability VCID-4btd-59ga-1yd4
6
vulnerability VCID-4u8d-ezsr-sqcz
7
vulnerability VCID-5ph5-s3qc-guf4
8
vulnerability VCID-5ufe-1rrj-rkgp
9
vulnerability VCID-7z8j-8f4d-53dm
10
vulnerability VCID-82p8-yujf-hkdd
11
vulnerability VCID-8m3p-yzr8-yyhj
12
vulnerability VCID-8npr-rvfd-jkfj
13
vulnerability VCID-8ykk-1kak-6bfd
14
vulnerability VCID-arbk-dryb-qkda
15
vulnerability VCID-ctd9-hxfn-8fcs
16
vulnerability VCID-d3kc-fn21-xqar
17
vulnerability VCID-dk1y-938p-k3bv
18
vulnerability VCID-e19b-adrm-x7fu
19
vulnerability VCID-fctg-457f-4uae
20
vulnerability VCID-fnsx-gtgn-27dr
21
vulnerability VCID-fut9-4dat-qbfy
22
vulnerability VCID-gg94-fdbv-y7g1
23
vulnerability VCID-hgq2-kuex-y3a3
24
vulnerability VCID-hpf3-3z3m-6ydt
25
vulnerability VCID-j6uh-kx6m-sydp
26
vulnerability VCID-k7ea-m9cw-w3fz
27
vulnerability VCID-kb4a-mm13-63bj
28
vulnerability VCID-kgfb-yphg-n3ec
29
vulnerability VCID-nfbc-tutd-37bw
30
vulnerability VCID-p42d-ta7v-7yhn
31
vulnerability VCID-pb3b-22wk-pbh5
32
vulnerability VCID-pmtw-nwnc-nyfw
33
vulnerability VCID-pqgj-ry81-6ua3
34
vulnerability VCID-qxnw-7urw-fud2
35
vulnerability VCID-rysu-xhvt-yqda
36
vulnerability VCID-s49h-br5r-5yh8
37
vulnerability VCID-swav-nrrn-wbcs
38
vulnerability VCID-tpjn-4kru-vucv
39
vulnerability VCID-vj7z-pmk3-cydg
40
vulnerability VCID-vras-f42j-xqfg
41
vulnerability VCID-vy44-rbar-w3fn
42
vulnerability VCID-w8ff-8479-rbfq
43
vulnerability VCID-x56a-2xkf-mfd3
44
vulnerability VCID-xwza-guvs-83a9
45
vulnerability VCID-yrx8-dtav-83av
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38649
reference_id
reference_type
scores
0
value 0.08744
scoring_system epss
scoring_elements 0.92633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38649
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/commit/1d4fd5c6eacab0b88f8660f9d780174434393f1a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow/commit/1d4fd5c6eacab0b88f8660f9d780174434393f1a
3
reference_url https://github.com/apache/airflow/pull/27641
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:35:31Z/
url https://github.com/apache/airflow/pull/27641
4
reference_url https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:35:31Z/
url https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38649
reference_id CVE-2022-38649
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38649
6
reference_url https://github.com/advisories/GHSA-7wqf-h36w-47mc
reference_id GHSA-7wqf-h36w-47mc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7wqf-h36w-47mc
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Exploits
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-7xea-ge93-yuee