Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/apache-dolphinscheduler@0.1.0

Type pypi

Namespace

Name apache-dolphinscheduler

Version 0.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.2

Latest_non_vulnerable_version 3.0.2

Affected_by_vulnerabilities

url VCID-9nf3-ytdq-hfcu

vulnerability_id VCID-9nf3-ytdq-hfcu

summary Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45875

reference_id

reference_type

scores

value	0.02223
scoring_system	epss
scoring_elements	0.84816
published_at	2026-06-04T12:55:00Z

value	0.02223
scoring_system	epss
scoring_elements	0.84844
published_at	2026-06-06T12:55:00Z

value	0.02223
scoring_system	epss
scoring_elements	0.8484
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45875

reference_url

https://github.com/apache/dolphinscheduler

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/dolphinscheduler

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2023-4.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2023-4.yaml

reference_url

https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-03T15:20:27Z/

url

https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-45875

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-45875

reference_url

http://www.openwall.com/lists/oss-security/2023/11/22/2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-03T15:20:27Z/

url

http://www.openwall.com/lists/oss-security/2023/11/22/2

reference_url

https://github.com/advisories/GHSA-3xh5-8hvq-rc8x

reference_id

GHSA-3xh5-8hvq-rc8x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3xh5-8hvq-rc8x

fixed_packages

url	pkg:pypi/apache-dolphinscheduler@3.0.2
purl	pkg:pypi/apache-dolphinscheduler@3.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/apache-dolphinscheduler@3.0.2

aliases CVE-2022-45875, GHSA-3xh5-8hvq-rc8x, PYSEC-2023-4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nf3-ytdq-hfcu

url VCID-yc2s-jxa6-8ua9

vulnerability_id VCID-yc2s-jxa6-8ua9

summary Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25598

reference_id

reference_type

scores

value	0.01127
scoring_system	epss
scoring_elements	0.78636
published_at	2026-06-04T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78671
published_at	2026-06-06T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78663
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25598

reference_url

https://github.com/advisories/GHSA-qg5x-66hp-cw5p

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qg5x-66hp-cw5p

reference_url

https://github.com/apache/dolphinscheduler

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/dolphinscheduler

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml

reference_url

https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25598

reference_id

CVE-2022-25598

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25598

fixed_packages

url pkg:pypi/apache-dolphinscheduler@2.0.5

purl pkg:pypi/apache-dolphinscheduler@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nf3-ytdq-hfcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-dolphinscheduler@2.0.5

aliases CVE-2022-25598, GHSA-qg5x-66hp-cw5p, PYSEC-2022-176

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yc2s-jxa6-8ua9

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-dolphinscheduler@0.1.0

Package Instance