Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/omero-web@5.9.0
Typepypi
Namespace
Nameomero-web
Version5.9.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.29.3
Latest_non_vulnerable_version5.29.3
Affected_by_vulnerabilities
0
url VCID-31u4-a1rs-e7gs
vulnerability_id VCID-31u4-a1rs-e7gs
summary OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41132
reference_id
reference_type
scores
0
value 0.00558
scoring_system epss
scoring_elements 0.68514
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41132
1
reference_url https://github.com/ome/omero-web
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web
2
reference_url https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424
3
reference_url https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/omero-figure/PYSEC-2021-379.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/omero-figure/PYSEC-2021-379.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-372.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-372.yaml
6
reference_url https://www.openmicroscopy.org/security/advisories/2021-SV3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openmicroscopy.org/security/advisories/2021-SV3
7
reference_url https://www.openmicroscopy.org/security/advisories/2021-SV3/
reference_id
reference_type
scores
url https://www.openmicroscopy.org/security/advisories/2021-SV3/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41132
reference_id CVE-2021-41132
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41132
9
reference_url https://github.com/advisories/GHSA-g67g-hvc3-xmvf
reference_id GHSA-g67g-hvc3-xmvf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g67g-hvc3-xmvf
fixed_packages
0
url pkg:pypi/omero-web@5.11.0
purl pkg:pypi/omero-web@5.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9au9-67c5-p7c6
1
vulnerability VCID-skae-vc4n-5qem
2
vulnerability VCID-wtbe-17ty-jke2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.11.0
aliases CVE-2021-41132, GHSA-g67g-hvc3-xmvf, PYSEC-2021-372, PYSEC-2021-379
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31u4-a1rs-e7gs
1
url VCID-9au9-67c5-p7c6
vulnerability_id VCID-9au9-67c5-p7c6
summary 
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks.
references
0
reference_url https://github.com/jquery-form/form/issues/604
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jquery-form/form/issues/604
1
reference_url https://github.com/ome/omero-web
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web
2
reference_url https://github.com/ome/omero-web/commit/a3eadf722cfada2b844b97abe65baf5856e77c4f
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/commit/a3eadf722cfada2b844b97abe65baf5856e77c4f
3
reference_url https://github.com/advisories/GHSA-j4gv-6x9v-v23g
reference_id GHSA-j4gv-6x9v-v23g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j4gv-6x9v-v23g
4
reference_url https://github.com/ome/omero-web/security/advisories/GHSA-j4gv-6x9v-v23g
reference_id GHSA-j4gv-6x9v-v23g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/security/advisories/GHSA-j4gv-6x9v-v23g
fixed_packages
0
url pkg:pypi/omero-web@5.29.3
purl pkg:pypi/omero-web@5.29.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.29.3
aliases GHSA-j4gv-6x9v-v23g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9au9-67c5-p7c6
2
url VCID-skae-vc4n-5qem
vulnerability_id VCID-skae-vc4n-5qem
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54791
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24626
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54791
1
reference_url https://github.com/ome/omero-web
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web
2
reference_url https://github.com/ome/omero-web/commit/8aa2789e8f759c73f1517abe9a0abd44e86644ad
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:25:17Z/
url https://github.com/ome/omero-web/commit/8aa2789e8f759c73f1517abe9a0abd44e86644ad
3
reference_url https://github.com/ome/omero-web/security/advisories/GHSA-gpmg-4x4g-mr5r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:25:17Z/
url https://github.com/ome/omero-web/security/advisories/GHSA-gpmg-4x4g-mr5r
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54791
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54791
5
reference_url https://github.com/advisories/GHSA-gpmg-4x4g-mr5r
reference_id GHSA-gpmg-4x4g-mr5r
reference_type
scores
url https://github.com/advisories/GHSA-gpmg-4x4g-mr5r
fixed_packages
0
url pkg:pypi/omero-web@5.29.2
purl pkg:pypi/omero-web@5.29.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9au9-67c5-p7c6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.29.2
aliases CVE-2025-54791, GHSA-gpmg-4x4g-mr5r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skae-vc4n-5qem
3
url VCID-wtbe-17ty-jke2
vulnerability_id VCID-wtbe-17ty-jke2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35180
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62352
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35180
1
reference_url https://github.com/ome/omero-web
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web
2
reference_url https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T15:13:29Z/
url https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35180
reference_id CVE-2024-35180
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35180
4
reference_url https://github.com/advisories/GHSA-vr85-5pwx-c6gq
reference_id GHSA-vr85-5pwx-c6gq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr85-5pwx-c6gq
5
reference_url https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq
reference_id GHSA-vr85-5pwx-c6gq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T15:13:29Z/
url https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq
fixed_packages
0
url pkg:pypi/omero-web@5.26.0
purl pkg:pypi/omero-web@5.26.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9au9-67c5-p7c6
1
vulnerability VCID-skae-vc4n-5qem
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.26.0
aliases CVE-2024-35180, GHSA-vr85-5pwx-c6gq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtbe-17ty-jke2
Fixing_vulnerabilities
0
url VCID-7rje-5fyr-8udj
vulnerability_id VCID-7rje-5fyr-8udj
summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21376
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.6245
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21376
1
reference_url https://github.com/ome/omero-web
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web
2
reference_url https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
3
reference_url https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
4
reference_url https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-31.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21376
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21376
7
reference_url https://pypi.org/project/omero-web
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/omero-web
8
reference_url https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url https://pypi.org/project/omero-web/
9
reference_url https://www.openmicroscopy.org/security/advisories/2021-SV1
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openmicroscopy.org/security/advisories/2021-SV1
10
reference_url https://www.openmicroscopy.org/security/advisories/2021-SV1/
reference_id
reference_type
scores
url https://www.openmicroscopy.org/security/advisories/2021-SV1/
11
reference_url https://github.com/advisories/GHSA-gfp2-w5jm-955q
reference_id GHSA-gfp2-w5jm-955q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfp2-w5jm-955q
fixed_packages
0
url pkg:pypi/omero-web@5.9.0
purl pkg:pypi/omero-web@5.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31u4-a1rs-e7gs
1
vulnerability VCID-9au9-67c5-p7c6
2
vulnerability VCID-skae-vc4n-5qem
3
vulnerability VCID-wtbe-17ty-jke2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0
aliases CVE-2021-21376, GHSA-gfp2-w5jm-955q, PYSEC-2021-31
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rje-5fyr-8udj
1
url VCID-zpk9-2fb7-sqfj
vulnerability_id VCID-zpk9-2fb7-sqfj
summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21377
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54759
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21377
1
reference_url https://github.com/ome/omero-web
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web
2
reference_url https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
3
reference_url https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
4
reference_url https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21377
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21377
7
reference_url https://pypi.org/project/omero-web
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/omero-web
8
reference_url https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url https://pypi.org/project/omero-web/
9
reference_url https://www.openmicroscopy.org/security/advisories/2021-SV2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openmicroscopy.org/security/advisories/2021-SV2
10
reference_url https://www.openmicroscopy.org/security/advisories/2021-SV2/
reference_id
reference_type
scores
url https://www.openmicroscopy.org/security/advisories/2021-SV2/
11
reference_url https://github.com/advisories/GHSA-g4rf-pc26-6hmr
reference_id GHSA-g4rf-pc26-6hmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4rf-pc26-6hmr
fixed_packages
0
url pkg:pypi/omero-web@5.9.0
purl pkg:pypi/omero-web@5.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31u4-a1rs-e7gs
1
vulnerability VCID-9au9-67c5-p7c6
2
vulnerability VCID-skae-vc4n-5qem
3
vulnerability VCID-wtbe-17ty-jke2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0
aliases CVE-2021-21377, GHSA-g4rf-pc26-6hmr, PYSEC-2021-32
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpk9-2fb7-sqfj
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0