Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/fava@1.13
Typepypi
Namespace
Namefava
Version1.13
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.22.3
Latest_non_vulnerable_version1.22.3
Affected_by_vulnerabilities
0
url VCID-e3tw-125b-6ug2
vulnerability_id VCID-e3tw-125b-6ug2
summary The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2514
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55355
published_at 2026-06-04T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55386
published_at 2026-06-08T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55405
published_at 2026-06-09T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55417
published_at 2026-06-06T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55411
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2514
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2514
2
reference_url https://github.com/advisories/GHSA-xrf4-39fm-j5f2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrf4-39fm-j5f2
3
reference_url https://github.com/beancount/fava
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava
4
reference_url https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-239.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-239.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-43182.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-43182.yaml
7
reference_url https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2514
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2514
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
reference_id 1016971
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
fixed_packages
0
url pkg:pypi/fava@1.22.0
purl pkg:pypi/fava@1.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.0
1
url pkg:pypi/fava@1.22
purl pkg:pypi/fava@1.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmpg-e4rn-5ffd
1
vulnerability VCID-x45u-rng5-n3dm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22
aliases CVE-2022-2514, GHSA-xrf4-39fm-j5f2, PYSEC-2022-239, PYSEC-2022-43182
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3tw-125b-6ug2
1
url VCID-nmpg-e4rn-5ffd
vulnerability_id VCID-nmpg-e4rn-5ffd
summary Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2523
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55355
published_at 2026-06-04T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55386
published_at 2026-06-08T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55405
published_at 2026-06-09T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55417
published_at 2026-06-06T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55411
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2523
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2523
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2523
2
reference_url https://github.com/advisories/GHSA-q8hg-3vqv-f8v3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q8hg-3vqv-f8v3
3
reference_url https://github.com/beancount/fava
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava
4
reference_url https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-240.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-240.yaml
6
reference_url https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2523
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2523
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
reference_id 1016971
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
fixed_packages
0
url pkg:pypi/fava@1.22.2
purl pkg:pypi/fava@1.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x45u-rng5-n3dm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.2
aliases CVE-2022-2523, GHSA-q8hg-3vqv-f8v3, PYSEC-2022-240
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmpg-e4rn-5ffd
2
url VCID-x45u-rng5-n3dm
vulnerability_id VCID-x45u-rng5-n3dm
summary Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2589
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48202
published_at 2026-06-07T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48185
published_at 2026-06-09T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48172
published_at 2026-06-08T12:55:00Z
3
value 0.00247
scoring_system epss
scoring_elements 0.48154
published_at 2026-06-04T12:55:00Z
4
value 0.00247
scoring_system epss
scoring_elements 0.48217
published_at 2026-06-05T12:55:00Z
5
value 0.00247
scoring_system epss
scoring_elements 0.4822
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2589
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2589
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2589
2
reference_url https://github.com/advisories/GHSA-6hcj-qrw3-m66q
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6hcj-qrw3-m66q
3
reference_url https://github.com/beancount/fava
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava
4
reference_url https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-246.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-246.yaml
6
reference_url https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2589
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2589
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
reference_id 1016971
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
fixed_packages
0
url pkg:pypi/fava@1.22.3
purl pkg:pypi/fava@1.22.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.3
aliases CVE-2022-2589, GHSA-6hcj-qrw3-m66q, PYSEC-2022-246
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x45u-rng5-n3dm
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.13