Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/ruby@2.7.3-r0?arch=armv7&distroversion=v3.12&reponame=main

Type apk

Namespace alpine

Name ruby

Version 2.7.3-r0

Qualifiers

arch	armv7
distroversion	v3.12
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.7.4-r0

Latest_non_vulnerable_version 2.7.6-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-jp6h-be3s-97ah

vulnerability_id VCID-jp6h-be3s-97ah

summary In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28966

reference_id

reference_type

scores

value	0.00247
scoring_system	epss
scoring_elements	0.48291
published_at	2026-06-11T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.48427
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28966

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/tmpdir/CVE-2021-28966.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/tmpdir/CVE-2021-28966.yml

reference_url

https://github.com/ruby/tmpdir

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/tmpdir

reference_url

https://github.com/ruby/tmpdir/commit/93798c01cb7c10476e50a4d80130a329ba47f348

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/tmpdir/commit/93798c01cb7c10476e50a4d80130a329ba47f348

reference_url

https://github.com/ruby/tmpdir/pull/8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/tmpdir/pull/8

reference_url

https://hackerone.com/reports/1131465

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1131465

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28966

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28966

reference_url

https://rubygems.org/gems/tmpdir

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/tmpdir

reference_url

https://security.netapp.com/advisory/ntap-20210902-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210902-0004

reference_url

https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966

reference_url

https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966/

reference_url

https://github.com/advisories/GHSA-46f2-3v63-3xrp

reference_id

GHSA-46f2-3v63-3xrp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-46f2-3v63-3xrp

fixed_packages

url	pkg:apk/alpine/ruby@2.7.3-r0?arch=armv7&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/ruby@2.7.3-r0?arch=armv7&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.7.3-r0%3Farch=armv7&distroversion=v3.12&reponame=main

aliases CVE-2021-28966, GHSA-46f2-3v63-3xrp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp6h-be3s-97ah

url VCID-w7kr-jh2c-6kda

vulnerability_id VCID-w7kr-jh2c-6kda

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28965

reference_id

reference_type

scores

value	0.00576
scoring_system	epss
scoring_elements	0.6926
published_at	2026-06-11T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.69352
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ruby/rexml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml

reference_url

https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b

reference_url

https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377

reference_url

https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752

reference_url

https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e

reference_url

https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8

reference_url

https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551

reference_url

https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2021-28965.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2021-28965.yml

reference_url

https://hackerone.com/reports/1104077

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1104077

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28965

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28965

reference_url

https://rubygems.org/gems/rexml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/rexml

reference_url

https://security.netapp.com/advisory/ntap-20210528-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210528-0003

reference_url	https://security.netapp.com/advisory/ntap-20210528-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210528-0003/

reference_url

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965

reference_url

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1947526
reference_id	1947526
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1947526

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807
reference_id	986807
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807

reference_url	https://security.archlinux.org/ASA-202104-1
reference_id	ASA-202104-1
reference_type
scores
url	https://security.archlinux.org/ASA-202104-1

reference_url

https://security.archlinux.org/AVG-1788

reference_id

AVG-1788

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1788

reference_url

https://security.archlinux.org/AVG-1789

reference_id

AVG-1789

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1789

reference_url

https://security.archlinux.org/AVG-1822

reference_id

AVG-1822

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1822

reference_url

https://github.com/advisories/GHSA-8cr8-4vfw-mr7h

reference_id

GHSA-8cr8-4vfw-mr7h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8cr8-4vfw-mr7h

reference_url	https://access.redhat.com/errata/RHSA-2021:2104
reference_id	RHSA-2021:2104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2104

reference_url	https://access.redhat.com/errata/RHSA-2021:2229
reference_id	RHSA-2021:2229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2229

reference_url	https://access.redhat.com/errata/RHSA-2021:2230
reference_id	RHSA-2021:2230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2230

reference_url	https://access.redhat.com/errata/RHSA-2021:2584
reference_id	RHSA-2021:2584
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2584

reference_url	https://access.redhat.com/errata/RHSA-2021:2587
reference_id	RHSA-2021:2587
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2587

reference_url	https://access.redhat.com/errata/RHSA-2021:2588
reference_id	RHSA-2021:2588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2588

reference_url	https://access.redhat.com/errata/RHSA-2022:0581
reference_id	RHSA-2022:0581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0581

reference_url	https://access.redhat.com/errata/RHSA-2022:0582
reference_id	RHSA-2022:0582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0582

reference_url	https://access.redhat.com/errata/RHSA-2026:7305
reference_id	RHSA-2026:7305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7305

reference_url	https://access.redhat.com/errata/RHSA-2026:7307
reference_id	RHSA-2026:7307
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7307

reference_url	https://access.redhat.com/errata/RHSA-2026:8838
reference_id	RHSA-2026:8838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8838

reference_url	https://usn.ubuntu.com/4922-1/
reference_id	USN-4922-1
reference_type
scores
url	https://usn.ubuntu.com/4922-1/

reference_url	https://usn.ubuntu.com/4922-2/
reference_id	USN-4922-2
reference_type
scores
url	https://usn.ubuntu.com/4922-2/

fixed_packages

url	pkg:apk/alpine/ruby@2.7.3-r0?arch=armv7&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/ruby@2.7.3-r0?arch=armv7&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.7.3-r0%3Farch=armv7&distroversion=v3.12&reponame=main

aliases CVE-2021-28965, GHSA-8cr8-4vfw-mr7h

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7kr-jh2c-6kda

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.7.3-r0%3Farch=armv7&distroversion=v3.12&reponame=main

Package Instance