Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.27-1?distro=trixie

Type deb

Namespace debian

Name golang-github-microcosm-cc-bluemonday

Version 1.0.27-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6whd-ug7c-8ucp

vulnerability_id VCID-6whd-ug7c-8ucp

summary The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-42576

reference_id

reference_type

scores

value	0.00321
scoring_system	epss
scoring_elements	0.55535
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-42576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42576

reference_url

https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50

reference_url	https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
reference_id
reference_type
scores
url	https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/

reference_url

https://github.com/advisories/GHSA-x95h-979x-cf3j

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-x95h-979x-cf3j

reference_url

https://github.com/microcosm-cc/bluemonday

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/microcosm-cc/bluemonday

reference_url

https://github.com/microcosm-cc/bluemonday/commit/c788a2a4d42e081ad54a31368478820bb4a42fb4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/microcosm-cc/bluemonday/commit/c788a2a4d42e081ad54a31368478820bb4a42fb4

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pybluemonday/PYSEC-2021-849.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pybluemonday/PYSEC-2021-849.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-42576

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-42576

reference_url

https://pkg.go.dev/vuln/GO-2022-0588

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-0588

reference_url

https://pypi.org/project/pybluemonday

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/pybluemonday

fixed_packages

url	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.16-1?distro=trixie
purl	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.16-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.20-1?distro=trixie
purl	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.20-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.20-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.26-1?distro=trixie
purl	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.26-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.26-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.27-1?distro=trixie
purl	pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.27-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.27-1%3Fdistro=trixie

aliases CVE-2021-42576, GHSA-x95h-979x-cf3j, GO-2022-0588, PYSEC-2021-849

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6whd-ug7c-8ucp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-microcosm-cc-bluemonday@1.0.27-1%3Fdistro=trixie

Package Instance