Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/omero-web@5.6.dev6

Type pypi

Namespace

Name omero-web

Version 5.6.dev6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.29.3

Latest_non_vulnerable_version 5.29.3

Affected_by_vulnerabilities

url VCID-31u4-a1rs-e7gs

vulnerability_id VCID-31u4-a1rs-e7gs

summary OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41132

reference_id

reference_type

scores

value	0.00558
scoring_system	epss
scoring_elements	0.68514
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41132

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-figure/PYSEC-2021-379.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-figure/PYSEC-2021-379.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-372.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-372.yaml

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV3

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV3/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41132

reference_id

CVE-2021-41132

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41132

reference_url

https://github.com/advisories/GHSA-g67g-hvc3-xmvf

reference_id

GHSA-g67g-hvc3-xmvf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g67g-hvc3-xmvf

fixed_packages

url pkg:pypi/omero-web@5.11.0

purl pkg:pypi/omero-web@5.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.11.0

aliases CVE-2021-41132, GHSA-g67g-hvc3-xmvf, PYSEC-2021-372, PYSEC-2021-379

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31u4-a1rs-e7gs

url VCID-7rje-5fyr-8udj

vulnerability_id VCID-7rje-5fyr-8udj

summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21376

reference_id

reference_type

scores

value	0.00424
scoring_system	epss
scoring_elements	0.6245
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21376

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21376

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21376

reference_url

https://pypi.org/project/omero-web

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/omero-web

reference_url	https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url	https://pypi.org/project/omero-web/

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV1

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV1

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV1/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV1/

reference_url

https://github.com/advisories/GHSA-gfp2-w5jm-955q

reference_id

GHSA-gfp2-w5jm-955q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gfp2-w5jm-955q

fixed_packages

url pkg:pypi/omero-web@5.9.0

purl pkg:pypi/omero-web@5.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0

aliases CVE-2021-21376, GHSA-gfp2-w5jm-955q, PYSEC-2021-31

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rje-5fyr-8udj

url VCID-9au9-67c5-p7c6

vulnerability_id VCID-9au9-67c5-p7c6

summary

OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks.

references

reference_url

https://github.com/jquery-form/form/issues/604

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery-form/form/issues/604

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/commit/a3eadf722cfada2b844b97abe65baf5856e77c4f

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/a3eadf722cfada2b844b97abe65baf5856e77c4f

reference_url

https://github.com/advisories/GHSA-j4gv-6x9v-v23g

reference_id

GHSA-j4gv-6x9v-v23g

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j4gv-6x9v-v23g

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-j4gv-6x9v-v23g

reference_id

GHSA-j4gv-6x9v-v23g

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-j4gv-6x9v-v23g

fixed_packages

url	pkg:pypi/omero-web@5.29.3
purl	pkg:pypi/omero-web@5.29.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.29.3

aliases GHSA-j4gv-6x9v-v23g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9au9-67c5-p7c6

url VCID-qqhk-myh6-3ffw

vulnerability_id VCID-qqhk-myh6-3ffw

summary OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7932

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.57325
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7932

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2020-244.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2020-244.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7932

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7932

reference_url

https://www.openmicroscopy.org/security/advisories/2019-SV4

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2019-SV4

reference_url	https://www.openmicroscopy.org/security/advisories/2019-SV4/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2019-SV4/

reference_url	https://github.com/advisories/GHSA-vwxv-frj6-fhc9
reference_id	GHSA-vwxv-frj6-fhc9
reference_type
scores
url	https://github.com/advisories/GHSA-vwxv-frj6-fhc9

fixed_packages

url pkg:pypi/omero-web@5.6.3

purl pkg:pypi/omero-web@5.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.3

aliases CVE-2020-7932, GHSA-vwxv-frj6-fhc9, PYSEC-2020-244

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqhk-myh6-3ffw

url VCID-skae-vc4n-5qem

vulnerability_id VCID-skae-vc4n-5qem

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-54791

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24626
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-54791

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/commit/8aa2789e8f759c73f1517abe9a0abd44e86644ad

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:25:17Z/

url

https://github.com/ome/omero-web/commit/8aa2789e8f759c73f1517abe9a0abd44e86644ad

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-gpmg-4x4g-mr5r

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:25:17Z/

url

https://github.com/ome/omero-web/security/advisories/GHSA-gpmg-4x4g-mr5r

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-54791

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-54791

reference_url	https://github.com/advisories/GHSA-gpmg-4x4g-mr5r
reference_id	GHSA-gpmg-4x4g-mr5r
reference_type
scores
url	https://github.com/advisories/GHSA-gpmg-4x4g-mr5r

fixed_packages

url pkg:pypi/omero-web@5.29.2

purl pkg:pypi/omero-web@5.29.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9au9-67c5-p7c6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.29.2

aliases CVE-2025-54791, GHSA-gpmg-4x4g-mr5r

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skae-vc4n-5qem

url VCID-wtbe-17ty-jke2

vulnerability_id VCID-wtbe-17ty-jke2

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35180

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.62352
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35180

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T15:13:29Z/

url

https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-35180

reference_id

CVE-2024-35180

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-35180

reference_url

https://github.com/advisories/GHSA-vr85-5pwx-c6gq

reference_id

GHSA-vr85-5pwx-c6gq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vr85-5pwx-c6gq

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq

reference_id

GHSA-vr85-5pwx-c6gq

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T15:13:29Z/

url

https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq

fixed_packages

url pkg:pypi/omero-web@5.26.0

purl pkg:pypi/omero-web@5.26.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.26.0

aliases CVE-2024-35180, GHSA-vr85-5pwx-c6gq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtbe-17ty-jke2

url VCID-zpk9-2fb7-sqfj

vulnerability_id VCID-zpk9-2fb7-sqfj

summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21377

reference_id

reference_type

scores

value	0.00314
scoring_system	epss
scoring_elements	0.54759
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21377

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21377

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21377

reference_url

https://pypi.org/project/omero-web

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/omero-web

reference_url	https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url	https://pypi.org/project/omero-web/

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV2

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV2

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV2/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV2/

reference_url

https://github.com/advisories/GHSA-g4rf-pc26-6hmr

reference_id

GHSA-g4rf-pc26-6hmr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4rf-pc26-6hmr

fixed_packages

url pkg:pypi/omero-web@5.9.0

purl pkg:pypi/omero-web@5.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0

aliases CVE-2021-21377, GHSA-g4rf-pc26-6hmr, PYSEC-2021-32

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpk9-2fb7-sqfj

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev6

Package Instance