Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/arches@6.1.2

Type pypi

Namespace

Name arches

Version 6.1.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.2.1

Latest_non_vulnerable_version 7.2.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6tkn-j1xj-13a6

vulnerability_id VCID-6tkn-j1xj-13a6

summary Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41892

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.33216
published_at	2026-06-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33034
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41892

reference_url

https://github.com/archesproject/arches

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/archesproject/arches

reference_url

https://github.com/archesproject/arches/commit/7ed53e23a616edf3301d95814d9d64de5e3072a9

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/archesproject/arches/commit/7ed53e23a616edf3301d95814d9d64de5e3072a9

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/arches/PYSEC-2022-42985.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/arches/PYSEC-2022-42985.yaml

reference_url

https://pypi.org/project/arches/6.1.2

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/arches/6.1.2

reference_url	https://pypi.org/project/arches/6.1.2/
reference_id
reference_type
scores
url	https://pypi.org/project/arches/6.1.2/

reference_url

https://pypi.org/project/arches/7.2.0

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/arches/7.2.0

reference_url	https://pypi.org/project/arches/7.2.0/
reference_id
reference_type
scores
url	https://pypi.org/project/arches/7.2.0/

reference_url

https://securitylab.github.com/advisories/GHSL-2022-070_GHSL-2022-072_Arches

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2022-070_GHSL-2022-072_Arches

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-41892

reference_id

CVE-2022-41892

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-41892

reference_url

https://github.com/advisories/GHSA-gmpq-xrxj-xh8m

reference_id

GHSA-gmpq-xrxj-xh8m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gmpq-xrxj-xh8m

reference_url

https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m

reference_id

GHSA-gmpq-xrxj-xh8m

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:53Z/

url

https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m

fixed_packages

url	pkg:pypi/arches@6.1.2
purl	pkg:pypi/arches@6.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/arches@6.1.2

url	pkg:pypi/arches@6.2.1
purl	pkg:pypi/arches@6.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/arches@6.2.1

url	pkg:pypi/arches@7.2.0
purl	pkg:pypi/arches@7.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/arches@7.2.0

aliases CVE-2022-41892, GHSA-gmpq-xrxj-xh8m, PYSEC-2022-42985

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tkn-j1xj-13a6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/arches@6.1.2

Package Instance