Look up vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin-bom@18.0.4
Type maven
Namespace com.vaadin
Name vaadin-bom
Version 18.0.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 20.0.6
Latest_non_vulnerable_version 20.0.6
Affected_by_vulnerabilities
0
url VCID-4r96-z5zh-cubc
vulnerability_id VCID-4r96-z5zh-cubc
summary
Exposure of Resource to Wrong Sphere
Improper sanitization of path in default `RouteNotFoundError` view allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31412
reference_id
reference_type
scores
0
value 0.00686
scoring_system epss
scoring_elements 0.72095
published_at 2026-06-04T12:55:00Z
1
value 0.00686
scoring_system epss
scoring_elements 0.72136
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31412
1
reference_url https://github.com/vaadin/flow/pull/11107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/11107
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31412
reference_id CVE-2021-31412
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31412
3
reference_url https://vaadin.com/security/cve-2021-31412
reference_id CVE-2021-31412
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31412
4
reference_url https://github.com/advisories/GHSA-qrg9-f472-qwfm
reference_id GHSA-qrg9-f472-qwfm
reference_type
scores
url https://github.com/advisories/GHSA-qrg9-f472-qwfm
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm
reference_id GHSA-qrg9-f472-qwfm
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.9
purl pkg:maven/com.vaadin/vaadin-bom@19.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.9
aliases CVE-2021-31412, GHSA-qrg9-f472-qwfm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r96-z5zh-cubc
1
url VCID-93dy-76qc-8fb7
vulnerability_id VCID-93dy-76qc-8fb7
summary
Insufficient Session Expiration
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31408
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15139
published_at 2026-06-04T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15225
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31408
1
reference_url https://github.com/vaadin/flow/pull/10577
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10577
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31408
3
reference_url https://vaadin.com/security/cve-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31408
4
reference_url https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
reference_id GHSA-mr8h-j9cv-4m8h
reference_type
scores
url https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h
reference_id GHSA-mr8h-j9cv-4m8h
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.4
purl pkg:maven/com.vaadin/vaadin-bom@19.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-9fku-daga-ebgv
2
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.4
aliases CVE-2021-31408, GHSA-mr8h-j9cv-4m8h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93dy-76qc-8fb7
2
url VCID-9fku-daga-ebgv
vulnerability_id VCID-9fku-daga-ebgv
summary
Improper Neutralization
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33604
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17126
published_at 2026-06-05T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.1705
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33604
1
reference_url https://github.com/vaadin/flow
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow
2
reference_url https://github.com/vaadin/flow/pull/11099
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/11099
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33604
reference_id CVE-2021-33604
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33604
4
reference_url https://vaadin.com/security/cve-2021-33604
reference_id CVE-2021-33604
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-33604
5
reference_url https://github.com/advisories/GHSA-c99r-67x4-whj6
reference_id GHSA-c99r-67x4-whj6
reference_type
scores
url https://github.com/advisories/GHSA-c99r-67x4-whj6
6
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c99r-67x4-whj6
reference_id GHSA-c99r-67x4-whj6
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c99r-67x4-whj6
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.9
purl pkg:maven/com.vaadin/vaadin-bom@19.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.9
aliases CVE-2021-33604, GHSA-c99r-67x4-whj6
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fku-daga-ebgv
3
url VCID-bud2-81n2-wyhc
vulnerability_id VCID-bud2-81n2-wyhc
summary
Insecure Temporary File
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server allows local users to inject malicious code into frontend resources during application rebuilds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31411
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.1562
published_at 2026-06-05T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.15538
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31411
1
reference_url https://github.com/vaadin/flow/pull/10640
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10640
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31411
reference_id CVE-2021-31411
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31411
3
reference_url https://vaadin.com/security/cve-2021-31411
reference_id CVE-2021-31411
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31411
4
reference_url https://github.com/advisories/GHSA-p826-8vhq-h439
reference_id GHSA-p826-8vhq-h439
reference_type
scores
url https://github.com/advisories/GHSA-p826-8vhq-h439
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
reference_id GHSA-p826-8vhq-h439
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.3
purl pkg:maven/com.vaadin/vaadin-bom@19.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.3
1
url pkg:maven/com.vaadin/vaadin-bom@19.0.5
purl pkg:maven/com.vaadin/vaadin-bom@19.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-9fku-daga-ebgv
2
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.5
aliases CVE-2021-31411, GHSA-p826-8vhq-h439
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bud2-81n2-wyhc
4
url VCID-hemz-191r-fyej
vulnerability_id VCID-hemz-191r-fyej
summary
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Improper check in `CheckboxGroup` in `com.vaadin:vaadin-checkbox-flow` versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled `Checkbox` inside enabled `CheckboxGroup` component via unspecified vectors.

- https://vaadin.com/security/cve-2021-33605
references
0
reference_url https://github.com/advisories/GHSA-hw7r-qrhp-5pff
reference_id GHSA-hw7r-qrhp-5pff
reference_type
scores
url https://github.com/advisories/GHSA-hw7r-qrhp-5pff
1
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-hw7r-qrhp-5pff
reference_id GHSA-hw7r-qrhp-5pff
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-hw7r-qrhp-5pff
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@20.0.6
purl pkg:maven/com.vaadin/vaadin-bom@20.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@20.0.6
aliases GHSA-hw7r-qrhp-5pff, GMS-2021-68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hemz-191r-fyej
5
url VCID-tmht-98ed-a3fq
vulnerability_id VCID-tmht-98ed-a3fq
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31406
reference_id CVE-2021-31406
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31406
2
reference_url https://github.com/advisories/GHSA-9h6g-6mxg-vvp4
reference_id GHSA-9h6g-6mxg-vvp4
reference_type
scores
url https://github.com/advisories/GHSA-9h6g-6mxg-vvp4
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-9h6g-6mxg-vvp4
reference_id GHSA-9h6g-6mxg-vvp4
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-9h6g-6mxg-vvp4
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.7
purl pkg:maven/com.vaadin/vaadin-bom@18.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.7
1
url pkg:maven/com.vaadin/vaadin-bom@19.0.1
purl pkg:maven/com.vaadin/vaadin-bom@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.1
aliases GHSA-9h6g-6mxg-vvp4, GMS-2021-66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmht-98ed-a3fq
6
url VCID-tywj-48df-uqcb
vulnerability_id VCID-tywj-48df-uqcb
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31404
2
reference_url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.6
purl pkg:maven/com.vaadin/vaadin-bom@18.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
5
vulnerability VCID-tmht-98ed-a3fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.6
aliases GHSA-c6c4-7x48-4cqp, GMS-2021-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tywj-48df-uqcb
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.4