Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
Typeapk
Namespacealpine
Nameexim
Version4.98.2-r0
Qualifiers
arch s390x
distroversion v3.23
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.98.4-r0
Latest_non_vulnerable_version4.98.4-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-g7bj-gep1-3bab
vulnerability_id VCID-g7bj-gep1-3bab
summary In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40684
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40742
published_at 2026-06-05T12:55:00Z
1
value 0.0019
scoring_system epss
scoring_elements 0.40687
published_at 2026-06-08T12:55:00Z
2
value 0.0019
scoring_system epss
scoring_elements 0.40718
published_at 2026-06-07T12:55:00Z
3
value 0.0019
scoring_system epss
scoring_elements 0.40746
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40684
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40684
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40684
2
reference_url https://www.openwall.com/lists/oss-security/2026/04/30/21
reference_id 21
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/
url https://www.openwall.com/lists/oss-security/2026/04/30/21
3
reference_url https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81
reference_id 628bbaca7672748d941a12e7cd5f0122a4e18c81
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/
url https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81
4
reference_url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment
reference_id CVE2026-40684.assessment
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/
url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment
5
reference_url https://exim.org/static/doc/security/CVE-2026-40684.txt
reference_id CVE-2026-40684.txt
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/
url https://exim.org/static/doc/security/CVE-2026-40684.txt
fixed_packages
0
url pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exim@4.98.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community
aliases CVE-2026-40684
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7bj-gep1-3bab
1
url VCID-jkeq-nu22-juat
vulnerability_id VCID-jkeq-nu22-juat
summary In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40686
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28647
published_at 2026-06-05T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28536
published_at 2026-06-08T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28569
published_at 2026-06-07T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28606
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40686
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40686
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40686
2
reference_url https://www.openwall.com/lists/oss-security/2026/04/30/21
reference_id 21
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/
url https://www.openwall.com/lists/oss-security/2026/04/30/21
3
reference_url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40686.assessment
reference_id CVE2026-40686.assessment
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/
url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40686.assessment
4
reference_url https://exim.org/static/doc/security/CVE-2026-40686.txt
reference_id CVE-2026-40686.txt
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/
url https://exim.org/static/doc/security/CVE-2026-40686.txt
5
reference_url https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc
reference_id f2570bde16fb4d4a1242ff363a4c4eecf6372efc
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/
url https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc
6
reference_url https://usn.ubuntu.com/8228-1/
reference_id USN-8228-1
reference_type
scores
url https://usn.ubuntu.com/8228-1/
7
reference_url https://usn.ubuntu.com/8382-1/
reference_id USN-8382-1
reference_type
scores
url https://usn.ubuntu.com/8382-1/
fixed_packages
0
url pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exim@4.98.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community
aliases CVE-2026-40686
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkeq-nu22-juat
2
url VCID-kpfz-ca6u-83f9
vulnerability_id VCID-kpfz-ca6u-83f9
summary In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40685
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.31625
published_at 2026-06-05T12:55:00Z
1
value 0.00127
scoring_system epss
scoring_elements 0.3152
published_at 2026-06-08T12:55:00Z
2
value 0.00127
scoring_system epss
scoring_elements 0.31553
published_at 2026-06-07T12:55:00Z
3
value 0.00127
scoring_system epss
scoring_elements 0.3159
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40685
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40685
2
reference_url https://www.openwall.com/lists/oss-security/2026/04/30/21
reference_id 21
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/
url https://www.openwall.com/lists/oss-security/2026/04/30/21
3
reference_url https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57
reference_id 9fdc057e71b87c87a0d3d2288b2810a0efaaba57
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/
url https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57
4
reference_url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment
reference_id CVE2026-40685.assessment
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/
url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment
5
reference_url https://exim.org/static/doc/security/CVE-2026-40685.txt
reference_id CVE-2026-40685.txt
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/
url https://exim.org/static/doc/security/CVE-2026-40685.txt
6
reference_url https://usn.ubuntu.com/8228-1/
reference_id USN-8228-1
reference_type
scores
url https://usn.ubuntu.com/8228-1/
7
reference_url https://usn.ubuntu.com/8382-1/
reference_id USN-8382-1
reference_type
scores
url https://usn.ubuntu.com/8382-1/
fixed_packages
0
url pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exim@4.98.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community
aliases CVE-2026-40685
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpfz-ca6u-83f9
3
url VCID-rj7r-9bnb-8kh4
vulnerability_id VCID-rj7r-9bnb-8kh4
summary privilege escalation
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30232
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24283
published_at 2026-06-08T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.2733
published_at 2026-06-05T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.2728
published_at 2026-06-06T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27239
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30232
1
reference_url https://security.archlinux.org/ASA-202503-1
reference_id ASA-202503-1
reference_type
scores
url https://security.archlinux.org/ASA-202503-1
2
reference_url https://security.archlinux.org/AVG-2859
reference_id AVG-2859
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2859
3
reference_url https://www.exim.org/static/doc/security/CVE-2025-30232.txt
reference_id CVE-2025-30232.txt
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T14:37:01Z/
url https://www.exim.org/static/doc/security/CVE-2025-30232.txt
4
reference_url https://usn.ubuntu.com/7373-1/
reference_id USN-7373-1
reference_type
scores
url https://usn.ubuntu.com/7373-1/
fixed_packages
0
url pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exim@4.98.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community
aliases CVE-2025-30232
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rj7r-9bnb-8kh4
4
url VCID-xw6r-cvyn-ckfj
vulnerability_id VCID-xw6r-cvyn-ckfj
summary In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40687
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39824
published_at 2026-06-05T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39774
published_at 2026-06-08T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39801
published_at 2026-06-07T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.39827
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40687
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40687
2
reference_url https://www.openwall.com/lists/oss-security/2026/04/30/21
reference_id 21
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/
url https://www.openwall.com/lists/oss-security/2026/04/30/21
3
reference_url https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505
reference_id 68b963b9f75ca27b38e1c0f8c87037990199f505
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/
url https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505
4
reference_url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment
reference_id CVE2026-40687.assessment
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/
url https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment
5
reference_url https://exim.org/static/doc/security/CVE-2026-40687.txt
reference_id CVE-2026-40687.txt
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/
url https://exim.org/static/doc/security/CVE-2026-40687.txt
6
reference_url https://usn.ubuntu.com/8228-1/
reference_id USN-8228-1
reference_type
scores
url https://usn.ubuntu.com/8228-1/
7
reference_url https://usn.ubuntu.com/8382-1/
reference_id USN-8382-1
reference_type
scores
url https://usn.ubuntu.com/8382-1/
fixed_packages
0
url pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/exim@4.98.2-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exim@4.98.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community
aliases CVE-2026-40687
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw6r-cvyn-ckfj
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/exim@4.98.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community