Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-s28v-vbvy-3bgb
Summary Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
Aliases
0
alias CVE-2022-2525
1
alias GHSA-jg8w-wgx2-g7q4
Fixed_packages
0
url pkg:pypi/calibreweb@0.6.20
purl pkg:pypi/calibreweb@0.6.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-gb1g-yf4f-tygr
2
vulnerability VCID-gwc3-dztv-37dw
3
vulnerability VCID-m8wg-f36t-pygt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.20
Affected_packages
0
url pkg:pypi/calibreweb@0.6.12
purl pkg:pypi/calibreweb@0.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-c5yg-2q1m-qkf6
6
vulnerability VCID-g6g1-rcqv-wkdj
7
vulnerability VCID-gb1g-yf4f-tygr
8
vulnerability VCID-gwc3-dztv-37dw
9
vulnerability VCID-hsbf-rfcu-qyaq
10
vulnerability VCID-jcpd-2fkh-mkc1
11
vulnerability VCID-kekh-f74c-m7bt
12
vulnerability VCID-kswt-bt4h-nbdf
13
vulnerability VCID-m8wg-f36t-pygt
14
vulnerability VCID-mayx-3wtu-nkbp
15
vulnerability VCID-s28v-vbvy-3bgb
16
vulnerability VCID-xmnj-teby-fygk
17
vulnerability VCID-y3wa-7wgk-3khp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.12
1
url pkg:pypi/calibreweb@0.6.13
purl pkg:pypi/calibreweb@0.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-c5yg-2q1m-qkf6
6
vulnerability VCID-g6g1-rcqv-wkdj
7
vulnerability VCID-gb1g-yf4f-tygr
8
vulnerability VCID-gwc3-dztv-37dw
9
vulnerability VCID-hsbf-rfcu-qyaq
10
vulnerability VCID-jcpd-2fkh-mkc1
11
vulnerability VCID-kekh-f74c-m7bt
12
vulnerability VCID-kswt-bt4h-nbdf
13
vulnerability VCID-m8wg-f36t-pygt
14
vulnerability VCID-mayx-3wtu-nkbp
15
vulnerability VCID-s28v-vbvy-3bgb
16
vulnerability VCID-xmnj-teby-fygk
17
vulnerability VCID-y3wa-7wgk-3khp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.13
2
url pkg:pypi/calibreweb@0.6.14
purl pkg:pypi/calibreweb@0.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-c5yg-2q1m-qkf6
6
vulnerability VCID-g6g1-rcqv-wkdj
7
vulnerability VCID-gb1g-yf4f-tygr
8
vulnerability VCID-gwc3-dztv-37dw
9
vulnerability VCID-hsbf-rfcu-qyaq
10
vulnerability VCID-jcpd-2fkh-mkc1
11
vulnerability VCID-kekh-f74c-m7bt
12
vulnerability VCID-kswt-bt4h-nbdf
13
vulnerability VCID-m8wg-f36t-pygt
14
vulnerability VCID-mayx-3wtu-nkbp
15
vulnerability VCID-s28v-vbvy-3bgb
16
vulnerability VCID-xmnj-teby-fygk
17
vulnerability VCID-y3wa-7wgk-3khp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.14
3
url pkg:pypi/calibreweb@0.6.15
purl pkg:pypi/calibreweb@0.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-g6g1-rcqv-wkdj
6
vulnerability VCID-gb1g-yf4f-tygr
7
vulnerability VCID-gwc3-dztv-37dw
8
vulnerability VCID-jcpd-2fkh-mkc1
9
vulnerability VCID-kekh-f74c-m7bt
10
vulnerability VCID-m8wg-f36t-pygt
11
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15
4
url pkg:pypi/calibreweb@0.6.16
purl pkg:pypi/calibreweb@0.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-bkzx-fvcv-t3g8
2
vulnerability VCID-g6g1-rcqv-wkdj
3
vulnerability VCID-gb1g-yf4f-tygr
4
vulnerability VCID-gwc3-dztv-37dw
5
vulnerability VCID-jcpd-2fkh-mkc1
6
vulnerability VCID-kekh-f74c-m7bt
7
vulnerability VCID-m8wg-f36t-pygt
8
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.16
5
url pkg:pypi/calibreweb@0.6.17
purl pkg:pypi/calibreweb@0.6.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-bkzx-fvcv-t3g8
2
vulnerability VCID-gb1g-yf4f-tygr
3
vulnerability VCID-gwc3-dztv-37dw
4
vulnerability VCID-jcpd-2fkh-mkc1
5
vulnerability VCID-m8wg-f36t-pygt
6
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17
6
url pkg:pypi/calibreweb@0.6.18
purl pkg:pypi/calibreweb@0.6.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-bkzx-fvcv-t3g8
2
vulnerability VCID-gb1g-yf4f-tygr
3
vulnerability VCID-gwc3-dztv-37dw
4
vulnerability VCID-m8wg-f36t-pygt
5
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.18
7
url pkg:pypi/calibreweb@0.6.19
purl pkg:pypi/calibreweb@0.6.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-bkzx-fvcv-t3g8
2
vulnerability VCID-gb1g-yf4f-tygr
3
vulnerability VCID-gwc3-dztv-37dw
4
vulnerability VCID-m8wg-f36t-pygt
5
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.19
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2525
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57887
published_at 2026-06-06T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57863
published_at 2026-06-08T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57825
published_at 2026-06-04T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.57876
published_at 2026-06-07T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57878
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2525
1
reference_url https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:02:14Z/
url https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
2
reference_url https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:02:14Z/
url https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2525
reference_id CVE-2022-2525
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2525
4
reference_url https://github.com/advisories/GHSA-jg8w-wgx2-g7q4
reference_id GHSA-jg8w-wgx2-g7q4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jg8w-wgx2-g7q4
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 307
name Improper Restriction of Excessive Authentication Attempts
description The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 9.8
Exploitability 0.5
Weighted_severity 8.8
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s28v-vbvy-3bgb