Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/core@2.11.4
Typecomposer
Namespacecontao
Namecore
Version2.11.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2tyq-my7z-u7gt
vulnerability_id VCID-2tyq-my7z-u7gt
summary Cross-site Scripting in Contao
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56172
published_at 2026-06-11T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56291
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
1
reference_url https://contao.org/en/news/contao-3_5_35.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_35.html
2
reference_url https://contao.org/en/news/contao-4_4_18.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_18.html
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
reference_id CVE-2018-10125
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
8
reference_url https://github.com/advisories/GHSA-pj4j-287j-f742
reference_id GHSA-pj4j-287j-f742
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pj4j-287j-f742
fixed_packages
0
url pkg:composer/contao/core@3.5.35
purl pkg:composer/contao/core@3.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n85r-h4ck-8yb4
1
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.35
aliases CVE-2018-10125, GHSA-pj4j-287j-f742
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tyq-my7z-u7gt
1
url VCID-3dd2-swwc-2kgn
vulnerability_id VCID-3dd2-swwc-2kgn
summary Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5478
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.23116
published_at 2026-06-12T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.2292
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5478
1
reference_url https://contao.org/en/news/contao-3_5_32.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_32.html
2
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
3
reference_url https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5478
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5478
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml
reference_id CVE-2018-5478.yaml
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:43:11Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml
6
reference_url https://github.com/advisories/GHSA-mpg7-2rx9-h5qp
reference_id GHSA-mpg7-2rx9-h5qp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpg7-2rx9-h5qp
7
reference_url https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
reference_id SNYK-PHP-CONTAOCORE-70397
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:43:11Z/
url https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
fixed_packages
0
url pkg:composer/contao/core@3.5.32
purl pkg:composer/contao/core@3.5.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-n85r-h4ck-8yb4
2
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.32
aliases CVE-2018-5478, GHSA-mpg7-2rx9-h5qp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dd2-swwc-2kgn
2
url VCID-69m2-8zku-fbet
vulnerability_id VCID-69m2-8zku-fbet
summary contao/core Insufficient input validation allows for code injection and remote execution
references
0
reference_url https://c-c-a.org/aktuelles/news/details/eine-neue-kritische-sicherheitsluecke-in-contao-entdeckt
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://c-c-a.org/aktuelles/news/details/eine-neue-kritische-sicherheitsluecke-in-contao-entdeckt
1
reference_url https://github.com/contao/core/commit/d45503568751a868193929ef349a49ae5e6686f0
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/d45503568751a868193929ef349a49ae5e6686f0
2
reference_url https://github.com/contao/core/commit/d4a14f167e0cbb2e77c7829299e5b36f55c1ebce
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/d4a14f167e0cbb2e77c7829299e5b36f55c1ebce
3
reference_url https://github.com/contao/core/issues/6855
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/issues/6855
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-04-07.yaml
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-04-07.yaml
5
reference_url https://web.archive.org/web/20240214121817/https://contao.org/en/news/new-security-hole-found-in-contao
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20240214121817/https://contao.org/en/news/new-security-hole-found-in-contao
6
reference_url https://github.com/advisories/GHSA-wxxw-5gq6-j2g5
reference_id GHSA-wxxw-5gq6-j2g5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxxw-5gq6-j2g5
fixed_packages
0
url pkg:composer/contao/core@2.11.17
purl pkg:composer/contao/core@2.11.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-n6hu-u6yq-tye6
3
vulnerability VCID-n85r-h4ck-8yb4
4
vulnerability VCID-w1hn-3rks-byfc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.17
1
url pkg:composer/contao/core@3.2.9
purl pkg:composer/contao/core@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-g68d-qdm4-uya6
3
vulnerability VCID-n6hu-u6yq-tye6
4
vulnerability VCID-n85r-h4ck-8yb4
5
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.9
aliases GHSA-wxxw-5gq6-j2g5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69m2-8zku-fbet
3
url VCID-85s5-54sm-fyfk
vulnerability_id VCID-85s5-54sm-fyfk
summary 
Improper Input Validation
Insufficient input validation allows for code injection and remote execution.
references
0
reference_url https://contao.org/en/news/new-security-hole-found-in-contao.html
reference_id
reference_type
scores
url https://contao.org/en/news/new-security-hole-found-in-contao.html
fixed_packages
0
url pkg:composer/contao/core@2.11.17
purl pkg:composer/contao/core@2.11.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-n6hu-u6yq-tye6
3
vulnerability VCID-n85r-h4ck-8yb4
4
vulnerability VCID-w1hn-3rks-byfc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.17
1
url pkg:composer/contao/core@3.2.9
purl pkg:composer/contao/core@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-g68d-qdm4-uya6
3
vulnerability VCID-n6hu-u6yq-tye6
4
vulnerability VCID-n85r-h4ck-8yb4
5
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.9
2
url pkg:composer/contao/core@3.2.11
purl pkg:composer/contao/core@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-g68d-qdm4-uya6
3
vulnerability VCID-n6hu-u6yq-tye6
4
vulnerability VCID-n85r-h4ck-8yb4
5
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.11
aliases GMS-2014-36
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85s5-54sm-fyfk
4
url VCID-8b51-hqnr-ayh1
vulnerability_id VCID-8b51-hqnr-ayh1
summary contao/core PHP object injection vulnerability allows for arbitrary code execution
references
0
reference_url https://contao.org/en/news/major-security-hole-found-in-contao.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/major-security-hole-found-in-contao.html
1
reference_url https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
2
reference_url https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
3
reference_url https://github.com/contao/core/issues/6695
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/issues/6695
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
5
reference_url https://github.com/advisories/GHSA-wq43-8r5p-w3mc
reference_id GHSA-wq43-8r5p-w3mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq43-8r5p-w3mc
fixed_packages
0
url pkg:composer/contao/core@2.11.14
purl pkg:composer/contao/core@2.11.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-69m2-8zku-fbet
3
vulnerability VCID-85s5-54sm-fyfk
4
vulnerability VCID-n6hu-u6yq-tye6
5
vulnerability VCID-n85r-h4ck-8yb4
6
vulnerability VCID-u83s-5ng6-4uab
7
vulnerability VCID-w1hn-3rks-byfc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.14
1
url pkg:composer/contao/core@3.2.5
purl pkg:composer/contao/core@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-69m2-8zku-fbet
3
vulnerability VCID-85s5-54sm-fyfk
4
vulnerability VCID-g68d-qdm4-uya6
5
vulnerability VCID-n6hu-u6yq-tye6
6
vulnerability VCID-n85r-h4ck-8yb4
7
vulnerability VCID-u83s-5ng6-4uab
8
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.5
aliases GHSA-wq43-8r5p-w3mc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b51-hqnr-ayh1
5
url VCID-n6hu-u6yq-tye6
vulnerability_id VCID-n6hu-u6yq-tye6
summary Contao Core directory traversal vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10993
reference_id
reference_type
scores
0
value 0.00825
scoring_system epss
scoring_elements 0.74909
published_at 2026-06-11T12:55:00Z
1
value 0.00825
scoring_system epss
scoring_elements 0.7498
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10993
1
reference_url https://contao.org/en/news/contao-3_5_28.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_28.html
2
reference_url https://contao.org/en/news/contao-4_4_1.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_1.html
3
reference_url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
reference_id CVE-2017-10993
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
8
reference_url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
reference_id GHSA-x5g4-crxq-qxjx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
fixed_packages
0
url pkg:composer/contao/core@3.5.28
purl pkg:composer/contao/core@3.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-n85r-h4ck-8yb4
3
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.28
aliases CVE-2017-10993, GHSA-x5g4-crxq-qxjx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6hu-u6yq-tye6
6
url VCID-n85r-h4ck-8yb4
vulnerability_id VCID-n85r-h4ck-8yb4
summary
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52587
published_at 2026-06-11T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52715
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
2
reference_url https://contao.org/de/changelog/versions/4.4.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/de/changelog/versions/4.4.html
3
reference_url https://contao.org/en/news/contao-4_4_8.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_8.html
4
reference_url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
5
reference_url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
6
reference_url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
7
reference_url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
fixed_packages
aliases CVE-2017-16558, GHSA-w38g-hj45-mjjp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n85r-h4ck-8yb4
7
url VCID-u83s-5ng6-4uab
vulnerability_id VCID-u83s-5ng6-4uab
summary 
Code Injection
PHP object injection vulnerability allows for arbitrary code execution.
references
0
reference_url https://contao.org/en/news/major-security-hole-found-in-contao.html
reference_id
reference_type
scores
url https://contao.org/en/news/major-security-hole-found-in-contao.html
fixed_packages
0
url pkg:composer/contao/core@2.11.16
purl pkg:composer/contao/core@2.11.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-69m2-8zku-fbet
3
vulnerability VCID-85s5-54sm-fyfk
4
vulnerability VCID-n6hu-u6yq-tye6
5
vulnerability VCID-n85r-h4ck-8yb4
6
vulnerability VCID-w1hn-3rks-byfc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.16
1
url pkg:composer/contao/core@3.2.7
purl pkg:composer/contao/core@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-69m2-8zku-fbet
3
vulnerability VCID-85s5-54sm-fyfk
4
vulnerability VCID-g68d-qdm4-uya6
5
vulnerability VCID-n6hu-u6yq-tye6
6
vulnerability VCID-n85r-h4ck-8yb4
7
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.7
aliases GMS-2014-35
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u83s-5ng6-4uab
8
url VCID-w1hn-3rks-byfc
vulnerability_id VCID-w1hn-3rks-byfc
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0269
reference_id
reference_type
scores
0
value 0.0046
scoring_system epss
scoring_elements 0.6457
published_at 2026-06-11T12:55:00Z
1
value 0.0046
scoring_system epss
scoring_elements 0.64673
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0269
1
reference_url https://contao.org/en/news/contao-3_2_19.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_2_19.html
2
reference_url https://contao.org/en/news/contao-3_4_4.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_4_4.html
3
reference_url https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
4
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
5
reference_url https://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0269
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-0269
fixed_packages
0
url pkg:composer/contao/core@3.0.0
purl pkg:composer/contao/core@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-69m2-8zku-fbet
3
vulnerability VCID-85s5-54sm-fyfk
4
vulnerability VCID-8b51-hqnr-ayh1
5
vulnerability VCID-g68d-qdm4-uya6
6
vulnerability VCID-n6hu-u6yq-tye6
7
vulnerability VCID-n85r-h4ck-8yb4
8
vulnerability VCID-u83s-5ng6-4uab
9
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.0.0
1
url pkg:composer/contao/core@3.2.19
purl pkg:composer/contao/core@3.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-g68d-qdm4-uya6
3
vulnerability VCID-n6hu-u6yq-tye6
4
vulnerability VCID-n85r-h4ck-8yb4
5
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.19
2
url pkg:composer/contao/core@3.4.4
purl pkg:composer/contao/core@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-g68d-qdm4-uya6
3
vulnerability VCID-n6hu-u6yq-tye6
4
vulnerability VCID-n85r-h4ck-8yb4
5
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.4.4
aliases CVE-2015-0269, GHSA-4r6g-xhx7-fm36
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1hn-3rks-byfc
Fixing_vulnerabilities
0
url VCID-znsr-tvpa-pqa3
vulnerability_id VCID-znsr-tvpa-pqa3
summary Contao core SQL Injection Vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4383
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.48113
published_at 2026-06-12T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47975
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4383
1
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
2
reference_url https://github.com/contao/core/commit/2bf4fc380e19895127cbeaba62bff951a3b8e5cb
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/2bf4fc380e19895127cbeaba62bff951a3b8e5cb
3
reference_url https://github.com/contao/core/issues/4427
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/issues/4427
4
reference_url http://www.openwall.com/lists/oss-security/2012/08/31/14
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/08/31/14
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4383
reference_id CVE-2012-4383
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4383
6
reference_url https://github.com/advisories/GHSA-9jq2-jvwc-p52f
reference_id GHSA-9jq2-jvwc-p52f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jq2-jvwc-p52f
fixed_packages
0
url pkg:composer/contao/core@2.11.4
purl pkg:composer/contao/core@2.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tyq-my7z-u7gt
1
vulnerability VCID-3dd2-swwc-2kgn
2
vulnerability VCID-69m2-8zku-fbet
3
vulnerability VCID-85s5-54sm-fyfk
4
vulnerability VCID-8b51-hqnr-ayh1
5
vulnerability VCID-n6hu-u6yq-tye6
6
vulnerability VCID-n85r-h4ck-8yb4
7
vulnerability VCID-u83s-5ng6-4uab
8
vulnerability VCID-w1hn-3rks-byfc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.4
aliases CVE-2012-4383, GHSA-9jq2-jvwc-p52f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znsr-tvpa-pqa3
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.4