Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/cms@3.7.2
Typecomposer
Namespacesilverstripe
Namecms
Version3.7.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.11.3
Latest_non_vulnerable_version4.11.3
Affected_by_vulnerabilities
0
url VCID-2s8q-qgpm-cqh7
vulnerability_id VCID-2s8q-qgpm-cqh7
summary 
Unrestricted Upload of File with Dangerous Type
Silverstripe CMS can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9309
reference_id
reference_type
scores
0
value 0.00727
scoring_system epss
scoring_elements 0.73027
published_at 2026-06-05T12:55:00Z
1
value 0.00727
scoring_system epss
scoring_elements 0.7299
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9309
1
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9309
reference_id CVE-2020-9309
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9309
3
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9309
reference_id CVE-2020-9309
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9309
4
reference_url https://github.com/advisories/GHSA-h77w-655f-6j3m
reference_id GHSA-h77w-655f-6j3m
reference_type
scores
url https://github.com/advisories/GHSA-h77w-655f-6j3m
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uy47-3s8a-hbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-9309, GHSA-h77w-655f-6j3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s8q-qgpm-cqh7
1
url VCID-umhc-fdfh-1fdx
vulnerability_id VCID-umhc-fdfh-1fdx
summary 
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57206
published_at 2026-06-05T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
6
reference_url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id GHSA-2pw2-qpcp-m47x
reference_type
scores
url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uy47-3s8a-hbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx
2
url VCID-ytbc-8mhd-b3fc
vulnerability_id VCID-ytbc-8mhd-b3fc
summary 
Information Exposure
In SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-6164
reference_id
reference_type
scores
0
value 0.00703
scoring_system epss
scoring_elements 0.72448
published_at 2026-06-04T12:55:00Z
1
value 0.00703
scoring_system epss
scoring_elements 0.7249
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-6164
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-6164
reference_id CVE-2020-6164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-6164
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-6164
reference_id CVE-2020-6164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-6164
7
reference_url https://github.com/advisories/GHSA-gm5x-hpmw-xpxg
reference_id GHSA-gm5x-hpmw-xpxg
reference_type
scores
url https://github.com/advisories/GHSA-gm5x-hpmw-xpxg
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uy47-3s8a-hbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-6164, GHSA-gm5x-hpmw-xpxg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbc-8mhd-b3fc
3
url VCID-z94y-nz4f-y7er
vulnerability_id VCID-z94y-nz4f-y7er
summary 
Improper Privilege Management
In SilverStripe, a missing warning about leaving `install.php` in a public webroot can lead to unauthenticated admin access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12204
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.74941
published_at 2026-06-04T12:55:00Z
1
value 0.00832
scoring_system epss
scoring_elements 0.74969
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12204
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml
3
reference_url https://packagist.org/packages/silverstripe/cms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/silverstripe/cms
4
reference_url https://packagist.org/packages/silverstripe/framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/silverstripe/framework
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12204
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12204
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12204
reference_id CVE-2019-12204
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12204
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12204/
reference_id CVE-2019-12204
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12204/
10
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12204
reference_id CVE-2019-12204
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12204
11
reference_url https://github.com/advisories/GHSA-cg8j-8w52-735v
reference_id GHSA-cg8j-8w52-735v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg8j-8w52-735v
fixed_packages
0
url pkg:composer/silverstripe/cms@4.3.6
purl pkg:composer/silverstripe/cms@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.3.6
1
url pkg:composer/silverstripe/cms@4.4.0-rc1
purl pkg:composer/silverstripe/cms@4.4.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-umhc-fdfh-1fdx
2
vulnerability VCID-uy47-3s8a-hbdn
3
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.4.0-rc1
2
url pkg:composer/silverstripe/cms@4.4.4
purl pkg:composer/silverstripe/cms@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-umhc-fdfh-1fdx
2
vulnerability VCID-uy47-3s8a-hbdn
3
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.4.4
aliases CVE-2019-12204, GHSA-cg8j-8w52-735v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z94y-nz4f-y7er
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.7.2