Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2?distro=trixie
Type deb
Namespace debian
Name golang-github-jackc-pgx
Version 4.18.1-2
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.18.3-2
Latest_non_vulnerable_version 4.18.3-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-m3wd-qzq7-z3a1
vulnerability_id VCID-m3wd-qzq7-z3a1
summary pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27304.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27304
reference_id
reference_type
scores
0
value 0.01875
scoring_system epss
scoring_elements 0.83536
published_at 2026-06-11T12:55:00Z
1
value 0.01875
scoring_system epss
scoring_elements 0.83605
published_at 2026-06-13T12:55:00Z
2
value 0.01875
scoring_system epss
scoring_elements 0.83595
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27304
3
reference_url https://github.com/jackc/pgx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jackc/pgx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27304
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27304
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065687
reference_id 1065687
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065687
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131154
reference_id 1131154
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131154
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268269
reference_id 2268269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268269
8
reference_url https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
reference_id 945c2126f6db8f3bea7eeebe307c01fe92bca007
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
9
reference_url https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
reference_id adbb38f298c76e283ffc7c7a3f571036fea47fd4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
10
reference_url https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
reference_id c543134753a0c5d22881c12404025724cb05ffd8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
11
reference_url https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
reference_id f94eb0e2f96782042c96801b5ac448f44f0a81df
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
12
reference_url https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8
reference_id GHSA-7jwh-3vrq-q3m8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8
13
reference_url https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
reference_id GHSA-mrww-27vc-gghv
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
14
reference_url https://access.redhat.com/errata/RHSA-2024:1321
reference_id RHSA-2024:1321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1321
15
reference_url https://www.youtube.com/watch?v=Tfg1B8u1yvE
reference_id watch?v=Tfg1B8u1yvE
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T20:31:57Z/
url https://www.youtube.com/watch?v=Tfg1B8u1yvE
fixed_packages
0
url pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2?distro=trixie
purl pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-jackc-pgx@4.18.3-2?distro=trixie
purl pkg:deb/debian/golang-github-jackc-pgx@4.18.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-jackc-pgx@4.18.3-2%3Fdistro=trixie
aliases CVE-2024-27304, GHSA-mrww-27vc-gghv
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3wd-qzq7-z3a1
1
url VCID-z8ak-6s1q-abh4
vulnerability_id VCID-z8ak-6s1q-abh4
summary pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27289.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27289.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27289
reference_id
reference_type
scores
0
value 0.00591
scoring_system epss
scoring_elements 0.69684
published_at 2026-06-11T12:55:00Z
1
value 0.00591
scoring_system epss
scoring_elements 0.69789
published_at 2026-06-13T12:55:00Z
2
value 0.00591
scoring_system epss
scoring_elements 0.69775
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27289
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27289
3
reference_url https://github.com/jackc/pgx
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jackc/pgx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27289
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27289
5
reference_url https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065686
reference_id 1065686
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065686
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268465
reference_id 2268465
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268465
8
reference_url https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
reference_id f94eb0e2f96782042c96801b5ac448f44f0a81df
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T14:13:55Z/
url https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
9
reference_url https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
reference_id GHSA-m7wr-2xf7-cm9p
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T14:13:55Z/
url https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
10
reference_url https://access.redhat.com/errata/RHSA-2024:1321
reference_id RHSA-2024:1321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1321
11
reference_url https://access.redhat.com/errata/RHSA-2024:7922
reference_id RHSA-2024:7922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7922
12
reference_url https://access.redhat.com/errata/RHSA-2024:7944
reference_id RHSA-2024:7944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7944
fixed_packages
0
url pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2?distro=trixie
purl pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-jackc-pgx@4.18.3-2?distro=trixie
purl pkg:deb/debian/golang-github-jackc-pgx@4.18.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-jackc-pgx@4.18.3-2%3Fdistro=trixie
aliases CVE-2024-27289, GHSA-m7wr-2xf7-cm9p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8ak-6s1q-abh4
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-jackc-pgx@4.18.1-2%3Fdistro=trixie