Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
Type deb
Namespace debian
Name guix
Version 1.2.0-4+deb11u2
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.2.0-4+deb11u3
Latest_non_vulnerable_version 1.4.0-9
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-et6c-2v4d-tbe4
vulnerability_id VCID-et6c-2v4d-tbe4
summary A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27851
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12795
published_at 2026-06-11T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12891
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27851
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27851
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27851
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985467
reference_id 985467
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985467
fixed_packages
0
url pkg:deb/debian/guix@1.2.0-4?distro=sid
purl pkg:deb/debian/guix@1.2.0-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%3Fdistro=sid
1
url pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u2%3Fdistro=sid
2
url pkg:deb/debian/guix@1.4.0-9?distro=sid
purl pkg:deb/debian/guix@1.4.0-9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-9%3Fdistro=sid
aliases CVE-2021-27851
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et6c-2v4d-tbe4
1
url VCID-r4n6-yauw-sbct
vulnerability_id VCID-r4n6-yauw-sbct
summary GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18192
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28098
published_at 2026-06-11T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28294
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18192
fixed_packages
0
url pkg:deb/debian/guix@0?distro=sid
purl pkg:deb/debian/guix@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@0%3Fdistro=sid
1
url pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u2%3Fdistro=sid
2
url pkg:deb/debian/guix@1.4.0-9?distro=sid
purl pkg:deb/debian/guix@1.4.0-9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-9%3Fdistro=sid
aliases CVE-2019-18192
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4n6-yauw-sbct
2
url VCID-sk65-j4rz-43c5
vulnerability_id VCID-sk65-j4rz-43c5
summary guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52867
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11486
published_at 2026-06-11T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11563
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52867
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52867
2
reference_url https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
reference_id build-user-takeover-vulnerability
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T15:50:36Z/
url https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
3
reference_url https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
reference_id ?id=558224140dab669cabdaebabff18504a066c48d4
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T15:50:36Z/
url https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
4
reference_url https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5ab3c4c1e43ebb637551223791db0ea3519986e1
reference_id ?id=5ab3c4c1e43ebb637551223791db0ea3519986e1
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T15:50:36Z/
url https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5ab3c4c1e43ebb637551223791db0ea3519986e1
fixed_packages
0
url pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/guix@1.2.0-4%2Bdeb11u3?distro=sid
purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u3%3Fdistro=sid
2
url pkg:deb/debian/guix@1.4.0-8?distro=sid
purl pkg:deb/debian/guix@1.4.0-8?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-8%3Fdistro=sid
3
url pkg:deb/debian/guix@1.4.0-9?distro=sid
purl pkg:deb/debian/guix@1.4.0-9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-9%3Fdistro=sid
aliases CVE-2024-52867
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk65-j4rz-43c5
3
url VCID-sufh-ewmf-13et
vulnerability_id VCID-sufh-ewmf-13et
summary GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000455
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06371
published_at 2026-06-11T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06392
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000455
fixed_packages
0
url pkg:deb/debian/guix@0?distro=sid
purl pkg:deb/debian/guix@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@0%3Fdistro=sid
1
url pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u2%3Fdistro=sid
2
url pkg:deb/debian/guix@1.4.0-9?distro=sid
purl pkg:deb/debian/guix@1.4.0-9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-9%3Fdistro=sid
aliases CVE-2017-1000455
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sufh-ewmf-13et
4
url VCID-u8ay-fyb5-tbcp
vulnerability_id VCID-u8ay-fyb5-tbcp
summary Nix is a package manager for Linux and other Unix systems. Fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18, 2.18.2, 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27297
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.1967
published_at 2026-06-11T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19845
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27297
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27297
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27297
2
reference_url https://hackmd.io/03UGerewRcy3db44JQoWvw
reference_id 03UGerewRcy3db44JQoWvw
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-12T18:38:57Z/
url https://hackmd.io/03UGerewRcy3db44JQoWvw
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066113
reference_id 1066113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066113
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066812
reference_id 1066812
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066812
5
reference_url https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
reference_id f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-12T18:38:57Z/
url https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
6
reference_url https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
reference_id GHSA-2ffj-w4mj-pg37
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-12T18:38:57Z/
url https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
7
reference_url https://usn.ubuntu.com/7633-1/
reference_id USN-7633-1
reference_type
scores
url https://usn.ubuntu.com/7633-1/
fixed_packages
0
url pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
purl pkg:deb/debian/guix@1.2.0-4%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/guix@1.4.0-6?distro=sid
purl pkg:deb/debian/guix@1.4.0-6?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-6%3Fdistro=sid
2
url pkg:deb/debian/guix@1.4.0-9?distro=sid
purl pkg:deb/debian/guix@1.4.0-9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.4.0-9%3Fdistro=sid
aliases CVE-2024-27297
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8ay-fyb5-tbcp
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/guix@1.2.0-4%252Bdeb11u2%3Fdistro=sid