Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community

Type apk

Namespace alpine

Name firefox-esr

Version 68.8.0-r0

Qualifiers

arch	x86
distroversion	v3.23
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 68.9.0-r0

Latest_non_vulnerable_version 115.6.0-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-58am-dpx9-3udz

vulnerability_id VCID-58am-dpx9-3udz

summary The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.*Note: this issue only affects Firefox on Windows operating systems.*

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12389.json

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12389.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12389

reference_id

reference_type

scores

value	0.00669
scoring_system	epss
scoring_elements	0.71708
published_at	2026-06-04T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71749
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12389

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1831945
reference_id	1831945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1831945

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-16

reference_id

mfsa2020-16

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-16

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17

reference_id

mfsa2020-17

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17

fixed_packages

url	pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.8.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

aliases CVE-2020-12389

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58am-dpx9-3udz

url VCID-dw1s-5ws6-1bec

vulnerability_id VCID-dw1s-5ws6-1bec

summary The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.*Note: this issue only affects Firefox on Windows operating systems.*

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12393.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12393.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12393

reference_id

reference_type

scores

value	0.00467
scoring_system	epss
scoring_elements	0.64784
published_at	2026-06-04T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64827
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12393

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1831946
reference_id	1831946
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1831946

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-16

reference_id

mfsa2020-16

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-16

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17

reference_id

mfsa2020-17

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-18

reference_id

mfsa2020-18

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-18

fixed_packages

url	pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.8.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

aliases CVE-2020-12393

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dw1s-5ws6-1bec

url VCID-nzqk-7c5d-8ye8

vulnerability_id VCID-nzqk-7c5d-8ye8

summary Mozilla developers and community members Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, André Bargull, and Karl Tomlinson reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12395.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12395.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12395

reference_id

reference_type

scores

value	0.01268
scoring_system	epss
scoring_elements	0.79834
published_at	2026-06-05T12:55:00Z

value	0.01268
scoring_system	epss
scoring_elements	0.79809
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1831765
reference_id	1831765
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1831765

reference_url	https://security.archlinux.org/ASA-202005-3
reference_id	ASA-202005-3
reference_type
scores
url	https://security.archlinux.org/ASA-202005-3

reference_url	https://security.archlinux.org/ASA-202005-7
reference_id	ASA-202005-7
reference_type
scores
url	https://security.archlinux.org/ASA-202005-7

reference_url

https://security.archlinux.org/AVG-1148

reference_id

AVG-1148

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1148

reference_url

https://security.archlinux.org/AVG-1155

reference_id

AVG-1155

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1155

reference_url	https://security.gentoo.org/glsa/202005-03
reference_id	GLSA-202005-03
reference_type
scores
url	https://security.gentoo.org/glsa/202005-03

reference_url	https://security.gentoo.org/glsa/202005-04
reference_id	GLSA-202005-04
reference_type
scores
url	https://security.gentoo.org/glsa/202005-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-16

reference_id

mfsa2020-16

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-16

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17

reference_id

mfsa2020-17

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-18

reference_id

mfsa2020-18

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-18

reference_url	https://access.redhat.com/errata/RHSA-2020:2031
reference_id	RHSA-2020:2031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2031

reference_url	https://access.redhat.com/errata/RHSA-2020:2032
reference_id	RHSA-2020:2032
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2032

reference_url	https://access.redhat.com/errata/RHSA-2020:2033
reference_id	RHSA-2020:2033
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2033

reference_url	https://access.redhat.com/errata/RHSA-2020:2036
reference_id	RHSA-2020:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2036

reference_url	https://access.redhat.com/errata/RHSA-2020:2037
reference_id	RHSA-2020:2037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2037

reference_url	https://access.redhat.com/errata/RHSA-2020:2046
reference_id	RHSA-2020:2046
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2046

reference_url	https://access.redhat.com/errata/RHSA-2020:2047
reference_id	RHSA-2020:2047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2047

reference_url	https://access.redhat.com/errata/RHSA-2020:2048
reference_id	RHSA-2020:2048
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2048

reference_url	https://access.redhat.com/errata/RHSA-2020:2049
reference_id	RHSA-2020:2049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2049

reference_url	https://access.redhat.com/errata/RHSA-2020:2050
reference_id	RHSA-2020:2050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2050

reference_url	https://usn.ubuntu.com/4353-1/
reference_id	USN-4353-1
reference_type
scores
url	https://usn.ubuntu.com/4353-1/

reference_url	https://usn.ubuntu.com/4373-1/
reference_id	USN-4373-1
reference_type
scores
url	https://usn.ubuntu.com/4373-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/firefox-esr@68.8.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.8.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

aliases CVE-2020-12395

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzqk-7c5d-8ye8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.8.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

Package Instance