Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/gdown@4.6.6
Type pypi
Namespace
Name gdown
Version 4.6.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.2
Latest_non_vulnerable_version 5.2.2
Affected_by_vulnerabilities
0
url VCID-616u-yhzp-hkf7
vulnerability_id VCID-616u-yhzp-hkf7
summary gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allows files to be written outside the intended destination directory, potentially leading to arbitrary file overwrite and Remote Code Execution (RCE). Version 5.2.2 contains a fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40491
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.27968
published_at 2026-06-11T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28167
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40491
1
reference_url https://github.com/wkentaro/gdown
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wkentaro/gdown
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40491
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40491
3
reference_url https://github.com/wkentaro/gdown/commit/af569fc6ed300b7974dee66dc51e9f01b57b4dff
reference_id af569fc6ed300b7974dee66dc51e9f01b57b4dff
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:49:26Z/
url https://github.com/wkentaro/gdown/commit/af569fc6ed300b7974dee66dc51e9f01b57b4dff
4
reference_url https://github.com/advisories/GHSA-76hw-p97h-883f
reference_id GHSA-76hw-p97h-883f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76hw-p97h-883f
5
reference_url https://github.com/wkentaro/gdown/security/advisories/GHSA-76hw-p97h-883f
reference_id GHSA-76hw-p97h-883f
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:49:26Z/
url https://github.com/wkentaro/gdown/security/advisories/GHSA-76hw-p97h-883f
6
reference_url https://github.com/wkentaro/gdown/releases/tag/v5.2.2
reference_id v5.2.2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:49:26Z/
url https://github.com/wkentaro/gdown/releases/tag/v5.2.2
fixed_packages
0
url pkg:pypi/gdown@5.2.2
purl pkg:pypi/gdown@5.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gdown@5.2.2
aliases CVE-2026-40491, GHSA-76hw-p97h-883f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-616u-yhzp-hkf7
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gdown@4.6.6