Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.vaadin/vaadin-bom@8.6.2
Typemaven
Namespacecom.vaadin
Namevaadin-bom
Version8.6.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.14.1
Latest_non_vulnerable_version20.0.6
Affected_by_vulnerabilities
0
url VCID-akx4-pzw3-u3bj
vulnerability_id VCID-akx4-pzw3-u3bj
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-25028
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57573
published_at 2026-06-05T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57577
published_at 2026-06-09T12:55:00Z
2
value 0.00347
scoring_system epss
scoring_elements 0.57559
published_at 2026-06-08T12:55:00Z
3
value 0.00347
scoring_system epss
scoring_elements 0.57571
published_at 2026-06-07T12:55:00Z
4
value 0.00347
scoring_system epss
scoring_elements 0.57582
published_at 2026-06-06T12:55:00Z
5
value 0.00347
scoring_system epss
scoring_elements 0.57521
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-25028
1
reference_url https://github.com/vaadin/framework/pull/11644
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/pull/11644
2
reference_url https://github.com/vaadin/framework/pull/11645
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/pull/11645
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-25028
reference_id CVE-2019-25028
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-25028
4
reference_url https://vaadin.com/security/cve-2019-25028
reference_id CVE-2019-25028
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2019-25028
5
reference_url https://github.com/advisories/GHSA-q74r-4xw3-ppx9
reference_id GHSA-q74r-4xw3-ppx9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q74r-4xw3-ppx9
6
reference_url https://github.com/vaadin/framework/security/advisories/GHSA-q74r-4xw3-ppx9
reference_id GHSA-q74r-4xw3-ppx9
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/security/advisories/GHSA-q74r-4xw3-ppx9
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@8.8.5
purl pkg:maven/com.vaadin/vaadin-bom@8.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m2y6-tfe3-93de
1
vulnerability VCID-r72j-8p2b-ebcr
2
vulnerability VCID-zq3b-qwfb-ykeq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@8.8.5
aliases CVE-2019-25028, GHSA-q74r-4xw3-ppx9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akx4-pzw3-u3bj
1
url VCID-m2y6-tfe3-93de
vulnerability_id VCID-m2y6-tfe3-93de
summary 
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
Unsafe validation RegEx in `EmailValidator` component in `com.vaadin:vaadin-compatibility-server` versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
references
0
reference_url https://github.com/vaadin/framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework
1
reference_url https://vaadin.com/security/cve-2021-31409
reference_id CVE-2021-31409
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31409
2
reference_url https://github.com/advisories/GHSA-jfmf-w293-8xr8
reference_id GHSA-jfmf-w293-8xr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfmf-w293-8xr8
3
reference_url https://github.com/vaadin/framework/security/advisories/GHSA-jfmf-w293-8xr8
reference_id GHSA-jfmf-w293-8xr8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/security/advisories/GHSA-jfmf-w293-8xr8
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@8.13.0
purl pkg:maven/com.vaadin/vaadin-bom@8.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zq3b-qwfb-ykeq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@8.13.0
aliases GHSA-jfmf-w293-8xr8, GMS-2021-70
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2y6-tfe3-93de
2
url VCID-r72j-8p2b-ebcr
vulnerability_id VCID-r72j-8p2b-ebcr
summary 
Observable Discrepancy
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31403
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31781
published_at 2026-06-07T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.31772
published_at 2026-06-09T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.31749
published_at 2026-06-08T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.31819
published_at 2026-06-06T12:55:00Z
4
value 0.00128
scoring_system epss
scoring_elements 0.3185
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31403
1
reference_url https://github.com/vaadin/framework/pull/12188
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/pull/12188
2
reference_url https://github.com/vaadin/framework/pull/12190
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/pull/12190
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31403
reference_id CVE-2021-31403
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31403
4
reference_url https://vaadin.com/security/cve-2021-31403
reference_id CVE-2021-31403
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31403
5
reference_url https://github.com/advisories/GHSA-75xc-qvxh-27f8
reference_id GHSA-75xc-qvxh-27f8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75xc-qvxh-27f8
6
reference_url https://github.com/vaadin/framework/security/advisories/GHSA-75xc-qvxh-27f8
reference_id GHSA-75xc-qvxh-27f8
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/security/advisories/GHSA-75xc-qvxh-27f8
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@8.12.3
purl pkg:maven/com.vaadin/vaadin-bom@8.12.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m2y6-tfe3-93de
1
vulnerability VCID-zq3b-qwfb-ykeq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@8.12.3
aliases CVE-2021-31403, GHSA-75xc-qvxh-27f8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r72j-8p2b-ebcr
3
url VCID-zq3b-qwfb-ykeq
vulnerability_id VCID-zq3b-qwfb-ykeq
summary 
Uncontrolled Resource Consumption
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33609
reference_id
reference_type
scores
0
value 0.00612
scoring_system epss
scoring_elements 0.70249
published_at 2026-06-07T12:55:00Z
1
value 0.00612
scoring_system epss
scoring_elements 0.70261
published_at 2026-06-09T12:55:00Z
2
value 0.00612
scoring_system epss
scoring_elements 0.70238
published_at 2026-06-08T12:55:00Z
3
value 0.00612
scoring_system epss
scoring_elements 0.70216
published_at 2026-06-04T12:55:00Z
4
value 0.00612
scoring_system epss
scoring_elements 0.70258
published_at 2026-06-05T12:55:00Z
5
value 0.00612
scoring_system epss
scoring_elements 0.70266
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33609
1
reference_url https://github.com/vaadin/framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework
2
reference_url https://github.com/vaadin/framework/pull/12415
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/pull/12415
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33609
reference_id CVE-2021-33609
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33609
4
reference_url https://vaadin.com/security/cve-2021-33609
reference_id CVE-2021-33609
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-33609
5
reference_url https://github.com/advisories/GHSA-qcgx-crrx-38v5
reference_id GHSA-qcgx-crrx-38v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcgx-crrx-38v5
6
reference_url https://github.com/vaadin/framework/security/advisories/GHSA-qcgx-crrx-38v5
reference_id GHSA-qcgx-crrx-38v5
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/framework/security/advisories/GHSA-qcgx-crrx-38v5
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@8.14.1
purl pkg:maven/com.vaadin/vaadin-bom@8.14.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@8.14.1
aliases CVE-2021-33609, GHSA-qcgx-crrx-38v5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zq3b-qwfb-ykeq
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@8.6.2