Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name nextcloud-client

Version 3.6.6-r0

Qualifiers

arch	aarch64
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.8.1-r0

Latest_non_vulnerable_version 3.8.1-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cdkh-vvd9-2bge

vulnerability_id VCID-cdkh-vvd9-2bge

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28997

reference_id

reference_type

scores

value	0.00571
scoring_system	epss
scoring_elements	0.6919
published_at	2026-06-12T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.69098
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28997

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28997
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28997

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nextcloud/desktop/pull/5324

reference_id

5324

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:32:23Z/

url

https://github.com/nextcloud/desktop/pull/5324

reference_url

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc

reference_id

GHSA-4p33-rw27-j5fc

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:32:23Z/

url

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc

reference_url

https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

reference_id

report_DanieleCoppola.pdf

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:32:23Z/

url

https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

fixed_packages

url	pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2023-28997

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdkh-vvd9-2bge

url VCID-ehvr-7r81-43h2

vulnerability_id VCID-ehvr-7r81-43h2

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28998

reference_id

reference_type

scores

value	0.00487
scoring_system	epss
scoring_elements	0.65995
published_at	2026-06-12T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65899
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28998

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28998
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28998

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nextcloud/desktop/pull/5323

reference_id

5323

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:31:37Z/

url

https://github.com/nextcloud/desktop/pull/5323

reference_url

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr

reference_id

GHSA-jh3g-wpwv-cqgr

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:31:37Z/

url

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr

reference_url

https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

reference_id

report_DanieleCoppola.pdf

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:31:37Z/

url

https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

fixed_packages

url	pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2023-28998

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehvr-7r81-43h2

url VCID-ve6p-rpgm-5uep

vulnerability_id VCID-ve6p-rpgm-5uep

summary The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23942

reference_id

reference_type

scores

value	0.01776
scoring_system	epss
scoring_elements	0.83088
published_at	2026-06-11T12:55:00Z

value	0.01776
scoring_system	epss
scoring_elements	0.83149
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23942

reference_url

https://hackerone.com/reports/1788598

reference_id

1788598

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:23Z/

url

https://hackerone.com/reports/1788598

reference_url

https://github.com/nextcloud/desktop/pull/5233

reference_id

5233

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:23Z/

url

https://github.com/nextcloud/desktop/pull/5233

reference_url

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg

reference_id

GHSA-64qc-vf6v-8xgg

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:23Z/

url

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg

fixed_packages

url	pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2023-23942

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ve6p-rpgm-5uep

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=aarch64&distroversion=edge&reponame=community

Package Instance