Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/getformwork/formwork@1.13.0
Typecomposer
Namespacegetformwork
Nameformwork
Version1.13.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.4
Latest_non_vulnerable_version2.3.4
Affected_by_vulnerabilities
0
url VCID-apsg-z7ny-gkag
vulnerability_id VCID-apsg-z7ny-gkag
summary Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. The issue is persistent and impacts privileged administrative workflows. This issue has been patched in version 2.2.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65956
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07645
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65956
1
reference_url https://github.com/getformwork/formwork
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork
2
reference_url https://github.com/getformwork/formwork/commit/4abcd60ae7692b46d316f956b0b20fb85336f3b2
reference_id 4abcd60ae7692b46d316f956b0b20fb85336f3b2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:10:59Z/
url https://github.com/getformwork/formwork/commit/4abcd60ae7692b46d316f956b0b20fb85336f3b2
3
reference_url https://github.com/getformwork/formwork/pull/791
reference_id 791
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:10:59Z/
url https://github.com/getformwork/formwork/pull/791
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65956
reference_id CVE-2025-65956
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65956
5
reference_url https://github.com/advisories/GHSA-7j46-f57w-76pj
reference_id GHSA-7j46-f57w-76pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7j46-f57w-76pj
6
reference_url https://github.com/getformwork/formwork/security/advisories/GHSA-7j46-f57w-76pj
reference_id GHSA-7j46-f57w-76pj
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:10:59Z/
url https://github.com/getformwork/formwork/security/advisories/GHSA-7j46-f57w-76pj
fixed_packages
0
url pkg:composer/getformwork/formwork@2.2.0
purl pkg:composer/getformwork/formwork@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x5rd-94xr-xuea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getformwork/formwork@2.2.0
aliases CVE-2025-65956, GHSA-7j46-f57w-76pj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apsg-z7ny-gkag
1
url VCID-cyvu-6p8a-jfhz
vulnerability_id VCID-cyvu-6p8a-jfhz
summary Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37160
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72947
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37160
1
reference_url https://github.com/getformwork/formwork
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork
2
reference_url https://github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b
reference_id 9d471204f7ebb51c3c27131581c2b834315b5e0b
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T16:41:21Z/
url https://github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37160
reference_id CVE-2024-37160
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37160
4
reference_url https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5
reference_id f5312015a5a5e89b95ef2bd07e496f8474d579c5
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T16:41:21Z/
url https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5
5
reference_url https://github.com/advisories/GHSA-5pxr-7m4j-jjc6
reference_id GHSA-5pxr-7m4j-jjc6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5pxr-7m4j-jjc6
6
reference_url https://github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6
reference_id GHSA-5pxr-7m4j-jjc6
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T16:41:21Z/
url https://github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6
fixed_packages
0
url pkg:composer/getformwork/formwork@1.13.1
purl pkg:composer/getformwork/formwork@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-apsg-z7ny-gkag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getformwork/formwork@1.13.1
1
url pkg:composer/getformwork/formwork@2.0.0-beta.2
purl pkg:composer/getformwork/formwork@2.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am1a-amf4-v7gj
1
vulnerability VCID-apsg-z7ny-gkag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getformwork/formwork@2.0.0-beta.2
aliases CVE-2024-37160, GHSA-5pxr-7m4j-jjc6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyvu-6p8a-jfhz
Fixing_vulnerabilities
0
url VCID-ms8j-pza2-qfaj
vulnerability_id VCID-ms8j-pza2-qfaj
summary A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24230
reference_id
reference_type
scores
0
value 0.00379
scoring_system epss
scoring_elements 0.59795
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24230
1
reference_url https://github.com/getformwork/formwork
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork
2
reference_url https://github.com/getformwork/formwork/commit/8781ee17ca9b9b7b0b57e090e7f2ba1b27dc1415
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork/commit/8781ee17ca9b9b7b0b57e090e7f2ba1b27dc1415
3
reference_url https://medium.com/@0x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://medium.com/@0x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24230
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24230
5
reference_url https://github.com/getformwork/formwork/releases/tag/1.12.1
reference_id 1.12.1
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T18:01:56Z/
url https://github.com/getformwork/formwork/releases/tag/1.12.1
6
reference_url https://medium.com/%400x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a
reference_id formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T18:01:56Z/
url https://medium.com/%400x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a
7
reference_url https://github.com/advisories/GHSA-fvrh-wrpf-6q7h
reference_id GHSA-fvrh-wrpf-6q7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fvrh-wrpf-6q7h
fixed_packages
0
url pkg:composer/getformwork/formwork@1.13.0
purl pkg:composer/getformwork/formwork@1.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-apsg-z7ny-gkag
1
vulnerability VCID-cyvu-6p8a-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getformwork/formwork@1.13.0
aliases CVE-2023-24230, GHSA-fvrh-wrpf-6q7h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms8j-pza2-qfaj
1
url VCID-wmt4-ht54-xbff
vulnerability_id VCID-wmt4-ht54-xbff
summary A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35621
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40348
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35621
1
reference_url https://github.com/getformwork/formwork
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork
2
reference_url https://github.com/getformwork/formwork/commit/2d92e6dbf99a9a49797947afbda0cdd4e56e11df
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork/commit/2d92e6dbf99a9a49797947afbda0cdd4e56e11df
3
reference_url https://github.com/getformwork/formwork/commit/6adc302f5a294f2ffbbf1571dd4ffea6b7876723
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getformwork/formwork/commit/6adc302f5a294f2ffbbf1571dd4ffea6b7876723
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35621
reference_id CVE-2024-35621
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35621
5
reference_url https://github.com/advisories/GHSA-gx8m-f3mp-fg99
reference_id GHSA-gx8m-f3mp-fg99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gx8m-f3mp-fg99
6
reference_url https://github.com/getformwork/formwork/security/advisories/GHSA-gx8m-f3mp-fg99
reference_id GHSA-gx8m-f3mp-fg99
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T18:03:04Z/
url https://github.com/getformwork/formwork/security/advisories/GHSA-gx8m-f3mp-fg99
fixed_packages
0
url pkg:composer/getformwork/formwork@1.13.0
purl pkg:composer/getformwork/formwork@1.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-apsg-z7ny-gkag
1
vulnerability VCID-cyvu-6p8a-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getformwork/formwork@1.13.0
aliases CVE-2024-35621, GHSA-gx8m-f3mp-fg99
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmt4-ht54-xbff
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/getformwork/formwork@1.13.0