Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
Type apk
Namespace alpine
Name rpm
Version 4.18.0-r0
Qualifiers
arch loongarch64
distroversion v3.21
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-et8r-ty1j-subh
vulnerability_id VCID-et8r-ty1j-subh
summary A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35938.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35938.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35938
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35102
published_at 2026-06-04T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35197
published_at 2026-06-05T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35213
published_at 2026-06-06T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35175
published_at 2026-06-07T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35141
published_at 2026-06-08T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35162
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35938
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35938
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35938
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1964114
reference_id 1964114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1964114
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990543
reference_id 990543
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990543
6
reference_url https://security.gentoo.org/glsa/202210-22
reference_id GLSA-202210-22
reference_type
scores
url https://security.gentoo.org/glsa/202210-22
7
reference_url https://access.redhat.com/errata/RHSA-2024:0424
reference_id RHSA-2024:0424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0424
8
reference_url https://access.redhat.com/errata/RHSA-2024:0435
reference_id RHSA-2024:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0435
9
reference_url https://access.redhat.com/errata/RHSA-2024:0453
reference_id RHSA-2024:0453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0453
10
reference_url https://access.redhat.com/errata/RHSA-2024:0463
reference_id RHSA-2024:0463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0463
11
reference_url https://access.redhat.com/errata/RHSA-2024:0582
reference_id RHSA-2024:0582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0582
12
reference_url https://access.redhat.com/errata/RHSA-2024:0647
reference_id RHSA-2024:0647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0647
13
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
14
reference_url https://access.redhat.com/errata/RHSA-2024:1477
reference_id RHSA-2024:1477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1477
fixed_packages
0
url pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rpm@4.18.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community
aliases CVE-2021-35938
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et8r-ty1j-subh
1
url VCID-s3kg-e8gj-vbbh
vulnerability_id VCID-s3kg-e8gj-vbbh
summary It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35939.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35939.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35939
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42164
published_at 2026-06-04T12:55:00Z
1
value 0.00202
scoring_system epss
scoring_elements 0.42239
published_at 2026-06-05T12:55:00Z
2
value 0.00202
scoring_system epss
scoring_elements 0.4225
published_at 2026-06-06T12:55:00Z
3
value 0.00202
scoring_system epss
scoring_elements 0.42222
published_at 2026-06-07T12:55:00Z
4
value 0.00202
scoring_system epss
scoring_elements 0.42187
published_at 2026-06-08T12:55:00Z
5
value 0.00202
scoring_system epss
scoring_elements 0.42196
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35939
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35939
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35939
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1964129
reference_id 1964129
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1964129
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990543
reference_id 990543
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990543
6
reference_url https://security.gentoo.org/glsa/202210-22
reference_id GLSA-202210-22
reference_type
scores
url https://security.gentoo.org/glsa/202210-22
7
reference_url https://access.redhat.com/errata/RHSA-2024:0424
reference_id RHSA-2024:0424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0424
8
reference_url https://access.redhat.com/errata/RHSA-2024:0435
reference_id RHSA-2024:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0435
9
reference_url https://access.redhat.com/errata/RHSA-2024:0453
reference_id RHSA-2024:0453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0453
10
reference_url https://access.redhat.com/errata/RHSA-2024:0463
reference_id RHSA-2024:0463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0463
11
reference_url https://access.redhat.com/errata/RHSA-2024:0582
reference_id RHSA-2024:0582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0582
12
reference_url https://access.redhat.com/errata/RHSA-2024:0647
reference_id RHSA-2024:0647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0647
13
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
14
reference_url https://access.redhat.com/errata/RHSA-2024:1477
reference_id RHSA-2024:1477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1477
fixed_packages
0
url pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rpm@4.18.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community
aliases CVE-2021-35939
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3kg-e8gj-vbbh
2
url VCID-wsm9-mrj2-jbf9
vulnerability_id VCID-wsm9-mrj2-jbf9
summary A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35937.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35937.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35937
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02619
published_at 2026-06-04T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02629
published_at 2026-06-05T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02632
published_at 2026-06-06T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02577
published_at 2026-06-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02561
published_at 2026-06-08T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02525
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35937
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35937
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35937
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1964125
reference_id 1964125
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1964125
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990543
reference_id 990543
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990543
6
reference_url https://security.gentoo.org/glsa/202210-22
reference_id GLSA-202210-22
reference_type
scores
url https://security.gentoo.org/glsa/202210-22
7
reference_url https://access.redhat.com/errata/RHSA-2024:0424
reference_id RHSA-2024:0424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0424
8
reference_url https://access.redhat.com/errata/RHSA-2024:0435
reference_id RHSA-2024:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0435
9
reference_url https://access.redhat.com/errata/RHSA-2024:0453
reference_id RHSA-2024:0453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0453
10
reference_url https://access.redhat.com/errata/RHSA-2024:0463
reference_id RHSA-2024:0463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0463
11
reference_url https://access.redhat.com/errata/RHSA-2024:0582
reference_id RHSA-2024:0582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0582
12
reference_url https://access.redhat.com/errata/RHSA-2024:0647
reference_id RHSA-2024:0647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0647
13
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
14
reference_url https://access.redhat.com/errata/RHSA-2024:1477
reference_id RHSA-2024:1477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1477
fixed_packages
0
url pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/rpm@4.18.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rpm@4.18.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community
aliases CVE-2021-35937
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsm9-mrj2-jbf9
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rpm@4.18.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community