Look up vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.18.5-r2?arch=armv7&distroversion=v3.20&reponame=main
Type apk
Namespace alpine
Name xen
Version 4.18.5-r2
Qualifiers
arch armv7
distroversion v3.20
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.18.5-r3
Latest_non_vulnerable_version 4.18.5-r9
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-h4vj-9fbc-m7a5
vulnerability_id VCID-h4vj-9fbc-m7a5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58142
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.1421
published_at 2026-06-11T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14329
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58142
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58142
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58142
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
reference_id 1120075
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
4
reference_url https://xenbits.xenproject.org/xsa/advisory-472.html
reference_id advisory-472.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-11T14:24:28Z/
url https://xenbits.xenproject.org/xsa/advisory-472.html
5
reference_url https://xenbits.xen.org/xsa/advisory-472.html
reference_id XSA-472
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-472.html
fixed_packages
0
url pkg:apk/alpine/xen@4.18.5-r2?arch=armv7&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/xen@4.18.5-r2?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.18.5-r2%3Farch=armv7&distroversion=v3.20&reponame=main
aliases CVE-2025-58142, XSA-472
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4vj-9fbc-m7a5
1
url VCID-thcc-he7d-gqag
vulnerability_id VCID-thcc-he7d-gqag
summary
[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]

There are two issues related to the mapping of pages belonging to other
domains: For one, an assertion is wrong there, where the case actually
needs handling.  A NULL pointer de-reference could result on a release
build.  This is CVE-2025-58144.

And then the P2M lock isn't held until a page reference was actually
obtained (or the attempt to do so has failed).  Otherwise the page can
not only change type, but even ownership in between, thus allowing
domain boundaries to be violated.  This is CVE-2025-58145.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58144
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26676
published_at 2026-06-11T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.26879
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58144
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58144
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
reference_id 1120075
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
3
reference_url https://xenbits.xenproject.org/xsa/advisory-473.html
reference_id advisory-473.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T14:18:50Z/
url https://xenbits.xenproject.org/xsa/advisory-473.html
4
reference_url https://xenbits.xen.org/xsa/advisory-473.html
reference_id XSA-473
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-473.html
fixed_packages
0
url pkg:apk/alpine/xen@4.18.5-r2?arch=armv7&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/xen@4.18.5-r2?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.18.5-r2%3Farch=armv7&distroversion=v3.20&reponame=main
aliases CVE-2025-58144, XSA-473
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thcc-he7d-gqag
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.18.5-r2%3Farch=armv7&distroversion=v3.20&reponame=main