Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-292c-g8n3-cyfn
Summary libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Aliases
0
alias CVE-2026-41080
Fixed_packages
0
url pkg:apk/alpine/expat@2.8.0-r0?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=aarch64&distroversion=edge&reponame=main
1
url pkg:apk/alpine/expat@2.8.0-r0?arch=armhf&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=armhf&distroversion=edge&reponame=main
2
url pkg:apk/alpine/expat@2.8.0-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=armv7&distroversion=edge&reponame=main
3
url pkg:apk/alpine/expat@2.8.0-r0?arch=loongarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=loongarch64&distroversion=edge&reponame=main
4
url pkg:apk/alpine/expat@2.8.0-r0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=ppc64le&distroversion=edge&reponame=main
5
url pkg:apk/alpine/expat@2.8.0-r0?arch=riscv64&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=riscv64&distroversion=edge&reponame=main
6
url pkg:apk/alpine/expat@2.8.0-r0?arch=s390x&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=s390x&distroversion=edge&reponame=main
7
url pkg:apk/alpine/expat@2.8.0-r0?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=x86&distroversion=edge&reponame=main
8
url pkg:apk/alpine/expat@2.8.0-r0?arch=x86_64&distroversion=edge&reponame=main
purl pkg:apk/alpine/expat@2.8.0-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.8.0-r0%3Farch=x86_64&distroversion=edge&reponame=main
9
url pkg:deb/debian/expat@2.8.0-1
purl pkg:deb/debian/expat@2.8.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.8.0-1
10
url pkg:deb/debian/expat@2.8.0-1?distro=trixie
purl pkg:deb/debian/expat@2.8.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.8.0-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5
purl pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fms-7y9v-dfc5
1
vulnerability VCID-292c-g8n3-cyfn
2
vulnerability VCID-77y6-jskt-qucb
3
vulnerability VCID-7ndj-4zn8-cqa4
4
vulnerability VCID-d26t-ex9d-x3ev
5
vulnerability VCID-gtcn-kyd2-xqdk
6
vulnerability VCID-jqe4-44gw-wbhu
7
vulnerability VCID-k2kp-fv3q-vyh2
8
vulnerability VCID-nguf-68jf-ryaz
9
vulnerability VCID-nktd-7gph-kkb1
10
vulnerability VCID-nw3z-nwyg-87e5
11
vulnerability VCID-qmx9-wkj4-67h3
12
vulnerability VCID-u5pr-wheu-h7c6
13
vulnerability VCID-utz3-ytaf-cbht
14
vulnerability VCID-v41j-xj8s-m7ar
15
vulnerability VCID-yw8s-ezc7-6ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5
1
url pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fms-7y9v-dfc5
1
vulnerability VCID-292c-g8n3-cyfn
2
vulnerability VCID-77y6-jskt-qucb
3
vulnerability VCID-jqe4-44gw-wbhu
4
vulnerability VCID-nguf-68jf-ryaz
5
vulnerability VCID-nktd-7gph-kkb1
6
vulnerability VCID-qmx9-wkj4-67h3
7
vulnerability VCID-u5pr-wheu-h7c6
8
vulnerability VCID-utz3-ytaf-cbht
9
vulnerability VCID-v41j-xj8s-m7ar
10
vulnerability VCID-yw8s-ezc7-6ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5%3Fdistro=trixie
2
url pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2
purl pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
1
vulnerability VCID-77y6-jskt-qucb
2
vulnerability VCID-jqe4-44gw-wbhu
3
vulnerability VCID-nktd-7gph-kkb1
4
vulnerability VCID-qmx9-wkj4-67h3
5
vulnerability VCID-u5pr-wheu-h7c6
6
vulnerability VCID-utz3-ytaf-cbht
7
vulnerability VCID-v41j-xj8s-m7ar
8
vulnerability VCID-yw8s-ezc7-6ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2
3
url pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
1
vulnerability VCID-77y6-jskt-qucb
2
vulnerability VCID-jqe4-44gw-wbhu
3
vulnerability VCID-nktd-7gph-kkb1
4
vulnerability VCID-qmx9-wkj4-67h3
5
vulnerability VCID-u5pr-wheu-h7c6
6
vulnerability VCID-utz3-ytaf-cbht
7
vulnerability VCID-v41j-xj8s-m7ar
8
vulnerability VCID-yw8s-ezc7-6ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.5.0-1%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/expat@2.7.1-2
purl pkg:deb/debian/expat@2.7.1-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
1
vulnerability VCID-77y6-jskt-qucb
2
vulnerability VCID-jqe4-44gw-wbhu
3
vulnerability VCID-nktd-7gph-kkb1
4
vulnerability VCID-utz3-ytaf-cbht
5
vulnerability VCID-v41j-xj8s-m7ar
6
vulnerability VCID-yw8s-ezc7-6ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2
5
url pkg:deb/debian/expat@2.7.1-2?distro=trixie
purl pkg:deb/debian/expat@2.7.1-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
1
vulnerability VCID-77y6-jskt-qucb
2
vulnerability VCID-jqe4-44gw-wbhu
3
vulnerability VCID-nktd-7gph-kkb1
4
vulnerability VCID-utz3-ytaf-cbht
5
vulnerability VCID-v41j-xj8s-m7ar
6
vulnerability VCID-yw8s-ezc7-6ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.1-2%3Fdistro=trixie
6
url pkg:deb/debian/expat@2.7.5-1
purl pkg:deb/debian/expat@2.7.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1
7
url pkg:deb/debian/expat@2.7.5-1?distro=trixie
purl pkg:deb/debian/expat@2.7.5-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.7.5-1%3Fdistro=trixie
8
url pkg:rpm/redhat/expat-main@2.8.0-0.1?arch=hum1
purl pkg:rpm/redhat/expat-main@2.8.0-0.1?arch=hum1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-292c-g8n3-cyfn
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/expat-main@2.8.0-0.1%3Farch=hum1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41080.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41080.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41080
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06902
published_at 2026-04-21T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06758
published_at 2026-04-18T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08692
published_at 2026-04-24T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08646
published_at 2026-04-26T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.09592
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41080
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41080
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41080
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.openwall.com/lists/oss-security/2026/04/26/1
reference_id 1
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:32:34Z/
url https://www.openwall.com/lists/oss-security/2026/04/26/1
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134732
reference_id 1134732
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134732
6
reference_url https://github.com/libexpat/libexpat/pull/1183
reference_id 1183
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:32:34Z/
url https://github.com/libexpat/libexpat/pull/1183
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458967
reference_id 2458967
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458967
8
reference_url https://github.com/libexpat/libexpat/issues/47
reference_id 47
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:32:34Z/
url https://github.com/libexpat/libexpat/issues/47
9
reference_url https://blog.hartwork.org/posts/expat-2-8-0-released/
reference_id expat-2-8-0-released
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:32:34Z/
url https://blog.hartwork.org/posts/expat-2-8-0-released/
10
reference_url https://access.redhat.com/errata/RHSA-2026:11004
reference_id RHSA-2026:11004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11004
Weaknesses
0
cwe_id 331
name Insufficient Entropy
description The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Exploits
Severity_range_score 2.5 - 7.5
Exploitability 0.5
Weighted_severity 6.8
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-292c-g8n3-cyfn