Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-gv39-q6pw-yfh4
Summarynghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
Aliases
0
alias CVE-2026-27135
Fixed_packages
0
url pkg:apk/alpine/nghttp2@1.68.1?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=x86&distroversion=edge&reponame=main
1
url pkg:apk/alpine/nghttp2@1.68.1?arch=x86_64&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=x86_64&distroversion=edge&reponame=main
2
url pkg:apk/alpine/nghttp2@1.68.1?arch=armhf&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=armhf&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=armhf&distroversion=edge&reponame=main
3
url pkg:apk/alpine/nghttp2@1.68.1?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=armv7&distroversion=edge&reponame=main
4
url pkg:apk/alpine/nghttp2@1.68.1?arch=loongarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=loongarch64&distroversion=edge&reponame=main
5
url pkg:apk/alpine/nghttp2@1.68.1?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=ppc64le&distroversion=edge&reponame=main
6
url pkg:apk/alpine/nghttp2@1.68.1?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=aarch64&distroversion=edge&reponame=main
7
url pkg:apk/alpine/nghttp2@1.68.1?arch=riscv64&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=riscv64&distroversion=edge&reponame=main
8
url pkg:apk/alpine/nghttp2@1.68.1?arch=s390x&distroversion=edge&reponame=main
purl pkg:apk/alpine/nghttp2@1.68.1?arch=s390x&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nghttp2@1.68.1%3Farch=s390x&distroversion=edge&reponame=main
9
url pkg:deb/debian/nghttp2@1.68.1-1
purl pkg:deb/debian/nghttp2@1.68.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.68.1-1
10
url pkg:deb/debian/nghttp2@1.68.1-1?distro=trixie
purl pkg:deb/debian/nghttp2@1.68.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.68.1-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/nghttp2@1.43.0-1%2Bdeb11u1
purl pkg:deb/debian/nghttp2@1.43.0-1%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-94sx-qnsn-5ucm
1
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.43.0-1%252Bdeb11u1
1
url pkg:deb/debian/nghttp2@1.43.0-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nghttp2@1.43.0-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.43.0-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.52.0-1%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2
purl pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.52.0-1%252Bdeb12u2
4
url pkg:deb/debian/nghttp2@1.64.0-1.1?distro=trixie
purl pkg:deb/debian/nghttp2@1.64.0-1.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.64.0-1.1%3Fdistro=trixie
5
url pkg:deb/debian/nghttp2@1.64.0-1.1
purl pkg:deb/debian/nghttp2@1.64.0-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nghttp2@1.64.0-1.1
6
url pkg:rpm/redhat/nghttp2@1.33.0-3.el8_2?arch=4
purl pkg:rpm/redhat/nghttp2@1.33.0-3.el8_2?arch=4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.33.0-3.el8_2%3Farch=4
7
url pkg:rpm/redhat/nghttp2@1.33.0-4.el8_4?arch=3
purl pkg:rpm/redhat/nghttp2@1.33.0-4.el8_4?arch=3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.33.0-4.el8_4%3Farch=3
8
url pkg:rpm/redhat/nghttp2@1.33.0-4.el8_6?arch=3
purl pkg:rpm/redhat/nghttp2@1.33.0-4.el8_6?arch=3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.33.0-4.el8_6%3Farch=3
9
url pkg:rpm/redhat/nghttp2@1.33.0-5.el8_8?arch=2
purl pkg:rpm/redhat/nghttp2@1.33.0-5.el8_8?arch=2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.33.0-5.el8_8%3Farch=2
10
url pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10?arch=2
purl pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10?arch=2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10%3Farch=2
11
url pkg:rpm/redhat/nghttp2@1.43.0-5.el9_0?arch=4
purl pkg:rpm/redhat/nghttp2@1.43.0-5.el9_0?arch=4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.43.0-5.el9_0%3Farch=4
12
url pkg:rpm/redhat/nghttp2@1.43.0-5.el9_2?arch=4
purl pkg:rpm/redhat/nghttp2@1.43.0-5.el9_2?arch=4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.43.0-5.el9_2%3Farch=4
13
url pkg:rpm/redhat/nghttp2@1.43.0-5.el9_4?arch=4
purl pkg:rpm/redhat/nghttp2@1.43.0-5.el9_4?arch=4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.43.0-5.el9_4%3Farch=4
14
url pkg:rpm/redhat/nghttp2@1.43.0-6.el9_6?arch=1
purl pkg:rpm/redhat/nghttp2@1.43.0-6.el9_6?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.43.0-6.el9_6%3Farch=1
15
url pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7?arch=1
purl pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7%3Farch=1
16
url pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1?arch=1
purl pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gv39-q6pw-yfh4
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1%3Farch=1
17
url pkg:rpm/redhat/nodejs22@1:22.22.2-1?arch=el10_1
purl pkg:rpm/redhat/nodejs22@1:22.22.2-1?arch=el10_1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dt7u-3usg-9uet
1
vulnerability VCID-gv39-q6pw-yfh4
2
vulnerability VCID-hgd1-7u6j-p7dh
3
vulnerability VCID-hzsn-68be-dkej
4
vulnerability VCID-kq3k-xr3z-z3c4
5
vulnerability VCID-n6ew-t7g1-33gn
6
vulnerability VCID-q4u6-6pbw-5bcq
7
vulnerability VCID-sy2z-sqgk-d7hg
8
vulnerability VCID-z7ac-jr58-gkfm
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs22@1:22.22.2-1%3Farch=el10_1
18
url pkg:rpm/redhat/nodejs22@1:22.22.2-2?arch=el10_0
purl pkg:rpm/redhat/nodejs22@1:22.22.2-2?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dt7u-3usg-9uet
1
vulnerability VCID-gv39-q6pw-yfh4
2
vulnerability VCID-hgd1-7u6j-p7dh
3
vulnerability VCID-hzsn-68be-dkej
4
vulnerability VCID-kq3k-xr3z-z3c4
5
vulnerability VCID-n6ew-t7g1-33gn
6
vulnerability VCID-q4u6-6pbw-5bcq
7
vulnerability VCID-sy2z-sqgk-d7hg
8
vulnerability VCID-z7ac-jr58-gkfm
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs22@1:22.22.2-2%3Farch=el10_0
19
url pkg:rpm/redhat/nodejs24@1:24.14.1-2?arch=el10_1
purl pkg:rpm/redhat/nodejs24@1:24.14.1-2?arch=el10_1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vp3-fzdr-yqbm
1
vulnerability VCID-2t7c-dju9-pff6
2
vulnerability VCID-96yh-1wub-zucg
3
vulnerability VCID-bjza-25hu-vkad
4
vulnerability VCID-dgkh-jdah-wfh9
5
vulnerability VCID-dt7u-3usg-9uet
6
vulnerability VCID-fetp-hvhq-dube
7
vulnerability VCID-gv39-q6pw-yfh4
8
vulnerability VCID-hgd1-7u6j-p7dh
9
vulnerability VCID-hzsn-68be-dkej
10
vulnerability VCID-n6ew-t7g1-33gn
11
vulnerability VCID-ph2p-u33d-8yh3
12
vulnerability VCID-q4u6-6pbw-5bcq
13
vulnerability VCID-sy2z-sqgk-d7hg
14
vulnerability VCID-twc8-ewm7-wkb1
15
vulnerability VCID-vdca-exd1-rfce
16
vulnerability VCID-xert-byqc-xbe2
17
vulnerability VCID-z7ac-jr58-gkfm
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs24@1:24.14.1-2%3Farch=el10_1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27135.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27135.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27135
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04001
published_at 2026-04-02T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.03971
published_at 2026-04-16T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04038
published_at 2026-04-08T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04057
published_at 2026-04-09T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.0403
published_at 2026-04-11T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04016
published_at 2026-04-12T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.03988
published_at 2026-04-13T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04018
published_at 2026-04-04T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.04032
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27135
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131369
reference_id 1131369
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131369
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448754
reference_id 2448754
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2448754
6
reference_url https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1
reference_id 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T18:36:41Z/
url https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1
7
reference_url https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6
reference_id GHSA-6933-cjhr-5qg6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T18:36:41Z/
url https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6
8
reference_url https://access.redhat.com/errata/RHSA-2026:7080
reference_id RHSA-2026:7080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7080
9
reference_url https://access.redhat.com/errata/RHSA-2026:7123
reference_id RHSA-2026:7123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7123
10
reference_url https://access.redhat.com/errata/RHSA-2026:7302
reference_id RHSA-2026:7302
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7302
11
reference_url https://access.redhat.com/errata/RHSA-2026:7310
reference_id RHSA-2026:7310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7310
12
reference_url https://access.redhat.com/errata/RHSA-2026:7350
reference_id RHSA-2026:7350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7350
13
reference_url https://access.redhat.com/errata/RHSA-2026:7666
reference_id RHSA-2026:7666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7666
14
reference_url https://access.redhat.com/errata/RHSA-2026:7667
reference_id RHSA-2026:7667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7667
15
reference_url https://access.redhat.com/errata/RHSA-2026:7668
reference_id RHSA-2026:7668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7668
16
reference_url https://access.redhat.com/errata/RHSA-2026:7670
reference_id RHSA-2026:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7670
17
reference_url https://access.redhat.com/errata/RHSA-2026:7675
reference_id RHSA-2026:7675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7675
18
reference_url https://access.redhat.com/errata/RHSA-2026:7896
reference_id RHSA-2026:7896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7896
19
reference_url https://access.redhat.com/errata/RHSA-2026:7983
reference_id RHSA-2026:7983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7983
20
reference_url https://access.redhat.com/errata/RHSA-2026:8339
reference_id RHSA-2026:8339
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8339
21
reference_url https://access.redhat.com/errata/RHSA-2026:8538
reference_id RHSA-2026:8538
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8538
22
reference_url https://access.redhat.com/errata/RHSA-2026:8539
reference_id RHSA-2026:8539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8539
23
reference_url https://access.redhat.com/errata/RHSA-2026:8540
reference_id RHSA-2026:8540
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8540
24
reference_url https://access.redhat.com/errata/RHSA-2026:8541
reference_id RHSA-2026:8541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8541
25
reference_url https://access.redhat.com/errata/RHSA-2026:8545
reference_id RHSA-2026:8545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8545
26
reference_url https://access.redhat.com/errata/RHSA-2026:8546
reference_id RHSA-2026:8546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8546
27
reference_url https://access.redhat.com/errata/RHSA-2026:8547
reference_id RHSA-2026:8547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8547
28
reference_url https://access.redhat.com/errata/RHSA-2026:8548
reference_id RHSA-2026:8548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8548
Weaknesses
0
cwe_id 617
name Reachable Assertion
description The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Exploits
Severity_range_score7.5 - 7.5
Exploitability0.5
Weighted_severity6.8
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-gv39-q6pw-yfh4