Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/backbone@1.4.0~dfsg%2B~1.4.5-2?distro=trixie

Type deb

Namespace debian

Name backbone

Version 1.4.0~dfsg+~1.4.5-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.4.1~dfsg+~1.4.15-3

Latest_non_vulnerable_version 1.4.1~dfsg+~1.4.15-4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-kg1r-gkxt-yfcs

vulnerability_id VCID-kg1r-gkxt-yfcs

summary Cross-Site Scripting in backbone

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10537

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.40949
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10537

reference_url

https://backbonejs.org/#changelog

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://backbonejs.org/#changelog

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10537

reference_url

https://github.com/jashkenas/backbone

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jashkenas/backbone

reference_url

https://github.com/jashkenas/backbone/blame/0cdc525961d3fa98e810ffae6bcc8e3838e36d93/backbone.js

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jashkenas/backbone/blame/0cdc525961d3fa98e810ffae6bcc8e3838e36d93/backbone.js

reference_url

https://github.com/jashkenas/backbone/commit/0cdc525961d3fa98e810ffae6bcc8e3838e36d93

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jashkenas/backbone/commit/0cdc525961d3fa98e810ffae6bcc8e3838e36d93

reference_url

https://github.com/jashkenas/backbone/commit/7ae0384120c2552e1c426cda7fb02fdce6ef1076

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jashkenas/backbone/commit/7ae0384120c2552e1c426cda7fb02fdce6ef1076

reference_url

https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10537

reference_id

CVE-2016-10537

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10537

reference_url

https://github.com/advisories/GHSA-j6p2-cx3w-6jcp

reference_id

GHSA-j6p2-cx3w-6jcp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j6p2-cx3w-6jcp

fixed_packages

url	pkg:deb/debian/backbone@0.5.3-1?distro=trixie
purl	pkg:deb/debian/backbone@0.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/backbone@0.5.3-1%3Fdistro=trixie

url	pkg:deb/debian/backbone@1.4.0~dfsg%2B~1.4.5-2?distro=trixie
purl	pkg:deb/debian/backbone@1.4.0~dfsg%2B~1.4.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/backbone@1.4.0~dfsg%252B~1.4.5-2%3Fdistro=trixie

url	pkg:deb/debian/backbone@1.4.1~dfsg%2B~1.4.15-3?distro=trixie
purl	pkg:deb/debian/backbone@1.4.1~dfsg%2B~1.4.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/backbone@1.4.1~dfsg%252B~1.4.15-3%3Fdistro=trixie

url	pkg:deb/debian/backbone@1.4.1~dfsg%2B~1.4.15-4?distro=trixie
purl	pkg:deb/debian/backbone@1.4.1~dfsg%2B~1.4.15-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/backbone@1.4.1~dfsg%252B~1.4.15-4%3Fdistro=trixie

aliases CVE-2016-10537, GHSA-j6p2-cx3w-6jcp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg1r-gkxt-yfcs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/backbone@1.4.0~dfsg%252B~1.4.5-2%3Fdistro=trixie

Package Instance