Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name pdns-recursor

Version 5.4.1-r0

Qualifiers

arch	aarch64
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-26wf-1bqp-sbff

vulnerability_id VCID-26wf-1bqp-sbff

summary If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33601

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00174
published_at	2026-04-26T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00212
published_at	2026-04-24T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00259
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33601

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33601
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33601

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:54Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33601

risk_score 1.1

exploitability 0.5

weighted_severity 2.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26wf-1bqp-sbff

url VCID-5afe-ws96-nqh9

vulnerability_id VCID-5afe-ws96-nqh9

summary By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33258

reference_id

reference_type

scores

value	3e-05
scoring_system	epss
scoring_elements	0.00114
published_at	2026-04-24T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00082
published_at	2026-04-26T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00131
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33258

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:49Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33258

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5afe-ws96-nqh9

url VCID-anab-r9ty-1yh1

vulnerability_id VCID-anab-r9ty-1yh1

summary An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33600

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04891
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04927
published_at	2026-04-26T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06375
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33600

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33600
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33600

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:53Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33600

risk_score 1.1

exploitability 0.5

weighted_severity 2.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-anab-r9ty-1yh1

url VCID-k3re-ss39-zugm

vulnerability_id VCID-k3re-ss39-zugm

summary An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33262

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00196
published_at	2026-04-26T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00247
published_at	2026-04-24T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00276
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33262

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33262
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33262

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:58Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33262

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3re-ss39-zugm

url VCID-mzne-k7ry-pubm

vulnerability_id VCID-mzne-k7ry-pubm

summary Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33259

reference_id

reference_type

scores

value	2e-05
scoring_system	epss
scoring_elements	0.00038
published_at	2026-04-24T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00028
published_at	2026-04-26T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00039
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33259

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33259
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33259

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:55Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33259

risk_score 1.2

exploitability 0.5

weighted_severity 2.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mzne-k7ry-pubm

url VCID-v9yz-hcqv-83gu

vulnerability_id VCID-v9yz-hcqv-83gu

summary A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33261

reference_id

reference_type

scores

value	2e-05
scoring_system	epss
scoring_elements	0.00049
published_at	2026-04-26T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00076
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33261

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:56Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33261

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9yz-hcqv-83gu

url VCID-xasd-r2rc-2ufq

vulnerability_id VCID-xasd-r2rc-2ufq

summary An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33256

reference_id

reference_type

scores

value	3e-05
scoring_system	epss
scoring_elements	0.00114
published_at	2026-04-24T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00083
published_at	2026-04-26T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00132
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33256

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

reference_id

powerdns-advisory-powerdns-2026-03.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:46Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

fixed_packages

url	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/pdns-recursor@5.4.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2026-33256

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xasd-r2rc-2ufq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@5.4.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

Package Instance