Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/omero-web@5.7.0

Type pypi

Namespace

Name omero-web

Version 5.7.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.11.0

Latest_non_vulnerable_version 5.29.3

Affected_by_vulnerabilities

url VCID-31u4-a1rs-e7gs

vulnerability_id VCID-31u4-a1rs-e7gs

summary OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41132

reference_id

reference_type

scores

value	0.00558
scoring_system	epss
scoring_elements	0.68514
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41132

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-figure/PYSEC-2021-379.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-figure/PYSEC-2021-379.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-372.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-372.yaml

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV3

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV3/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41132

reference_id

CVE-2021-41132

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41132

reference_url

https://github.com/advisories/GHSA-g67g-hvc3-xmvf

reference_id

GHSA-g67g-hvc3-xmvf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g67g-hvc3-xmvf

fixed_packages

url	pkg:pypi/omero-web@5.11.0
purl	pkg:pypi/omero-web@5.11.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.11.0

aliases CVE-2021-41132, GHSA-g67g-hvc3-xmvf, PYSEC-2021-372, PYSEC-2021-379

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31u4-a1rs-e7gs

url VCID-7rje-5fyr-8udj

vulnerability_id VCID-7rje-5fyr-8udj

summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21376

reference_id

reference_type

scores

value	0.00424
scoring_system	epss
scoring_elements	0.6245
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21376

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21376

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21376

reference_url

https://pypi.org/project/omero-web

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/omero-web

reference_url	https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url	https://pypi.org/project/omero-web/

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV1

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV1

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV1/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV1/

reference_url

https://github.com/advisories/GHSA-gfp2-w5jm-955q

reference_id

GHSA-gfp2-w5jm-955q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gfp2-w5jm-955q

fixed_packages

url pkg:pypi/omero-web@5.9.0

purl pkg:pypi/omero-web@5.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0

aliases CVE-2021-21376, GHSA-gfp2-w5jm-955q, PYSEC-2021-31

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rje-5fyr-8udj

url VCID-zpk9-2fb7-sqfj

vulnerability_id VCID-zpk9-2fb7-sqfj

summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21377

reference_id

reference_type

scores

value	0.00314
scoring_system	epss
scoring_elements	0.54759
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21377

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21377

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21377

reference_url

https://pypi.org/project/omero-web

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/omero-web

reference_url	https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url	https://pypi.org/project/omero-web/

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV2

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV2

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV2/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV2/

reference_url

https://github.com/advisories/GHSA-g4rf-pc26-6hmr

reference_id

GHSA-g4rf-pc26-6hmr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4rf-pc26-6hmr

fixed_packages

url pkg:pypi/omero-web@5.9.0

purl pkg:pypi/omero-web@5.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0

aliases CVE-2021-21377, GHSA-g4rf-pc26-6hmr, PYSEC-2021-32

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpk9-2fb7-sqfj

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.7.0

Package Instance