Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ffv6-84e5-sfd8

Summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

Aliases

alias	CVE-2021-21376

alias	GHSA-gfp2-w5jm-955q

alias	PYSEC-2021-31

Fixed_packages

url pkg:pypi/omero-web@5.9.0

purl pkg:pypi/omero-web@5.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0

Affected_packages

url pkg:pypi/omero-web@5.5.dev1

purl pkg:pypi/omero-web@5.5.dev1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.5.dev1

url pkg:pypi/omero-web@5.5.dev2

purl pkg:pypi/omero-web@5.5.dev2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.5.dev2

url pkg:pypi/omero-web@5.6.dev1

purl pkg:pypi/omero-web@5.6.dev1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev1

url pkg:pypi/omero-web@5.6.dev2

purl pkg:pypi/omero-web@5.6.dev2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev2

url pkg:pypi/omero-web@5.6.dev3

purl pkg:pypi/omero-web@5.6.dev3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev3

url pkg:pypi/omero-web@5.6.dev4

purl pkg:pypi/omero-web@5.6.dev4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev4

url pkg:pypi/omero-web@5.6.dev5

purl pkg:pypi/omero-web@5.6.dev5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev5

url pkg:pypi/omero-web@5.6.dev6

purl pkg:pypi/omero-web@5.6.dev6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev6

url pkg:pypi/omero-web@5.6.dev7

purl pkg:pypi/omero-web@5.6.dev7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev7

url pkg:pypi/omero-web@5.6.0

purl pkg:pypi/omero-web@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.0

url pkg:pypi/omero-web@5.6.1

purl pkg:pypi/omero-web@5.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.1

url pkg:pypi/omero-web@5.6.2

purl pkg:pypi/omero-web@5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-pt6y-r5jy-17gf

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.2

url pkg:pypi/omero-web@5.6.3

purl pkg:pypi/omero-web@5.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.3

url pkg:pypi/omero-web@5.7.0

purl pkg:pypi/omero-web@5.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.7.0

url pkg:pypi/omero-web@5.7.1

purl pkg:pypi/omero-web@5.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.7.1

url pkg:pypi/omero-web@5.8.0

purl pkg:pypi/omero-web@5.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.8.0

url pkg:pypi/omero-web@5.8.1

purl pkg:pypi/omero-web@5.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44ek-6uky-zfhe

vulnerability	VCID-c7gk-qn1s-dubr

vulnerability	VCID-ffv6-84e5-sfd8

vulnerability	VCID-kheq-7jts-zyfm

vulnerability	VCID-p4he-5us6-jbcx

vulnerability	VCID-z5kz-6edv-a3fk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.8.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21376

reference_id

reference_type

scores

value	0.00424
scoring_system	epss
scoring_elements	0.62601
published_at	2026-06-11T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62702
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21376

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21376

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21376

reference_url

https://pypi.org/project/omero-web

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/omero-web

reference_url	https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url	https://pypi.org/project/omero-web/

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV1

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV1

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV1/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV1/

reference_url

https://github.com/advisories/GHSA-gfp2-w5jm-955q

reference_id

GHSA-gfp2-w5jm-955q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gfp2-w5jm-955q

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 6.4 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ffv6-84e5-sfd8

Vulnerability Instance