Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/botan3@3.12.0%2Bdfsg-2

Type deb

Namespace debian

Name botan3

Version 3.12.0+dfsg-2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2tn7-1mpw-n3gn

vulnerability_id VCID-2tn7-1mpw-n3gn

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32884.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32884.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-32884

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.01011
published_at	2026-06-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.01009
published_at	2026-06-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.01016
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-32884

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32884
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32884

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453205
reference_id	2453205
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453205

reference_url

https://github.com/randombit/botan/security/advisories/GHSA-7c3g-7763-ggj5

reference_id

GHSA-7c3g-7763-ggj5

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:34Z/

url

https://github.com/randombit/botan/security/advisories/GHSA-7c3g-7763-ggj5

fixed_packages

url	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
purl	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.12.0%252Bdfsg-2

aliases CVE-2026-32884

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tn7-1mpw-n3gn

url VCID-h2rp-935z-gkbf

vulnerability_id VCID-h2rp-935z-gkbf

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34582.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34582

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10113
published_at	2026-06-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10159
published_at	2026-06-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10164
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34582

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456285
reference_id	2456285
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456285

reference_url

https://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g

reference_id

GHSA-pxcj-9ppx-g86g

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T15:41:07Z/

url

https://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g

fixed_packages

url	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
purl	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.12.0%252Bdfsg-2

aliases CVE-2026-34582

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2rp-935z-gkbf

url VCID-kk6t-e2zm-5bck

vulnerability_id VCID-kk6t-e2zm-5bck

summary Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32877.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32877.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-32877

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19873
published_at	2026-06-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.20045
published_at	2026-06-12T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.20065
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-32877

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32877
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32877

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453209
reference_id	2453209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453209

reference_url

https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6

reference_id

GHSA-7jj6-4r42-w9h6

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:25:50Z/

url

https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6

fixed_packages

url	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
purl	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.12.0%252Bdfsg-2

aliases CVE-2026-32877

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kk6t-e2zm-5bck

url VCID-m4uz-wud7-3bf2

vulnerability_id VCID-m4uz-wud7-3bf2

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-44378

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17592
published_at	2026-06-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17751
published_at	2026-06-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17767
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-44378

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j

reference_id

GHSA-7q2v-3g27-6g3j

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-27T19:20:50Z/

url

https://github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j

fixed_packages

url	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
purl	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.12.0%252Bdfsg-2

aliases CVE-2026-44378

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4uz-wud7-3bf2

url VCID-twnz-2bvd-a7f5

vulnerability_id VCID-twnz-2bvd-a7f5

summary Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32883.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32883.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-32883

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.01077
published_at	2026-06-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.01074
published_at	2026-06-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.0108
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-32883

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453204
reference_id	2453204
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453204

reference_url

https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x

reference_id

GHSA-9j2j-hqmc-hf5x

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:09:48Z/

url

https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x

fixed_packages

url	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
purl	pkg:deb/debian/botan3@3.12.0%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.12.0%252Bdfsg-2

aliases CVE-2026-32883

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twnz-2bvd-a7f5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.12.0%252Bdfsg-2

Package Instance