Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.20.1-r1?arch=aarch64&distroversion=edge&reponame=main
Type apk
Namespace alpine
Name xen
Version 4.20.1-r1
Qualifiers
arch aarch64
distroversion edge
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.20.1-r2
Latest_non_vulnerable_version 4.21.1-r6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-339r-nmjn-gfa2
vulnerability_id VCID-339r-nmjn-gfa2
summary [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58144
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.25034
published_at 2026-06-06T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.25046
published_at 2026-06-05T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26638
published_at 2026-06-09T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.26684
published_at 2026-06-07T12:55:00Z
4
value 0.00097
scoring_system epss
scoring_elements 0.2663
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58144
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58144
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
reference_id 1120075
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
3
reference_url https://xenbits.xenproject.org/xsa/advisory-473.html
reference_id advisory-473.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T14:18:50Z/
url https://xenbits.xenproject.org/xsa/advisory-473.html
4
reference_url https://xenbits.xen.org/xsa/advisory-473.html
reference_id XSA-473
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-473.html
fixed_packages
0
url pkg:apk/alpine/xen@4.20.1-r1?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/xen@4.20.1-r1?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.20.1-r1%3Farch=aarch64&distroversion=edge&reponame=main
aliases CVE-2025-58144, XSA-473
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-339r-nmjn-gfa2
1
url VCID-3nb3-3wud-jfhv
vulnerability_id VCID-3nb3-3wud-jfhv
summary [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58142
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12578
published_at 2026-06-05T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12581
published_at 2026-06-06T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14122
published_at 2026-06-09T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14182
published_at 2026-06-07T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.14099
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58142
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58142
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58142
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
reference_id 1120075
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075
4
reference_url https://xenbits.xenproject.org/xsa/advisory-472.html
reference_id advisory-472.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-11T14:24:28Z/
url https://xenbits.xenproject.org/xsa/advisory-472.html
5
reference_url https://xenbits.xen.org/xsa/advisory-472.html
reference_id XSA-472
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-472.html
fixed_packages
0
url pkg:apk/alpine/xen@4.20.1-r1?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/xen@4.20.1-r1?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.20.1-r1%3Farch=aarch64&distroversion=edge&reponame=main
aliases CVE-2025-58142, XSA-472
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nb3-3wud-jfhv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.20.1-r1%3Farch=aarch64&distroversion=edge&reponame=main