Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

Type deb

Namespace debian

Name heat

Version 1:19.0.0-3

Qualifiers

distro	trixie

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-bq9j-x8bu-q3bd

vulnerability_id

VCID-bq9j-x8bu-q3bd

summary

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7319.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7319

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60635
published_at	2026-06-11T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6074
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7319

reference_url

https://github.com/openstack/heat

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/heat

reference_url

https://storyboard.openstack.org/#!/story/2011007

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://storyboard.openstack.org/#!/story/2011007

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082855
reference_id	1082855
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082855

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id	cpe:/a:redhat:openstack:13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1
reference_id	cpe:/a:redhat:openstack:16.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2
reference_id	cpe:/a:redhat:openstack:16.2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0
reference_id	cpe:/a:redhat:openstack:17.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0

reference_url

https://access.redhat.com/security/cve/CVE-2024-7319

reference_id

CVE-2024-7319

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T20:33:25Z/

url

https://access.redhat.com/security/cve/CVE-2024-7319

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-7319

reference_id

CVE-2024-7319

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-7319

reference_url

https://github.com/advisories/GHSA-2fqr-cx7q-3ph8

reference_id

GHSA-2fqr-cx7q-3ph8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2fqr-cx7q-3ph8

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2258810

reference_id

show_bug.cgi?id=2258810

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T20:33:25Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2258810

fixed_packages

aliases

CVE-2024-7319, GHSA-2fqr-cx7q-3ph8

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-bq9j-x8bu-q3bd

Fixing_vulnerabilities

url VCID-11sv-p8en-2bcs

vulnerability_id VCID-11sv-p8en-2bcs

summary The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6426.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6426.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6426

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56335
published_at	2026-06-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56454
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6426

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6426
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6426

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1039141
reference_id	1039141
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1039141

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033
reference_id	732033
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033

reference_url	https://access.redhat.com/errata/RHSA-2014:0090
reference_id	RHSA-2014:0090
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0090

fixed_packages

url	pkg:deb/debian/heat@2013.2.1-1?distro=trixie
purl	pkg:deb/debian/heat@2013.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@2013.2.1-1%3Fdistro=trixie

url pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

purl pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m9tj-bwum-4yep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:15.0.0-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2013-6426

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11sv-p8en-2bcs

url VCID-8phc-y9aw-q7ej

vulnerability_id VCID-8phc-y9aw-q7ej

summary

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5295.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5295.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5295

reference_id

reference_type

scores

value	0.01217
scoring_system	epss
scoring_elements	0.79436
published_at	2026-06-11T12:55:00Z

value	0.01217
scoring_system	epss
scoring_elements	0.79503
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5295

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1298295
reference_id	1298295
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1298295

reference_url	https://access.redhat.com/errata/RHSA-2016:0266
reference_id	RHSA-2016:0266
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0266

reference_url	https://access.redhat.com/errata/RHSA-2016:0440
reference_id	RHSA-2016:0440
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0440

reference_url	https://access.redhat.com/errata/RHSA-2016:0441
reference_id	RHSA-2016:0441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0441

reference_url	https://access.redhat.com/errata/RHSA-2016:0442
reference_id	RHSA-2016:0442
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0442

fixed_packages

url	pkg:deb/debian/heat@1:6.0.0~rc3-1?distro=trixie
purl	pkg:deb/debian/heat@1:6.0.0~rc3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:6.0.0~rc3-1%3Fdistro=trixie

url pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

purl pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m9tj-bwum-4yep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:15.0.0-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2015-5295

risk_score 1.0

exploitability 0.5

weighted_severity 2.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8phc-y9aw-q7ej

url VCID-g174-3dtk-fyad

vulnerability_id VCID-g174-3dtk-fyad

summary OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1687.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1687.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3801.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3801

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62883
published_at	2026-06-11T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62985
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3801

reference_url

https://bugs.launchpad.net/heat/+bug/1311223

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/heat/+bug/1311223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3801

reference_url

https://git.openstack.org/cgit/openstack/heat

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/heat

reference_url

https://git.openstack.org/cgit/openstack/heat/commit/?id=03dd894de4ad905dc170e358fad27d9c8ed62a73

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/heat/commit/?id=03dd894de4ad905dc170e358fad27d9c8ed62a73

reference_url

https://git.openstack.org/cgit/openstack/heat/commit/?id=7e114a38712da8947ee7ad93eabda34f5e4aa65a

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/heat/commit/?id=7e114a38712da8947ee7ad93eabda34f5e4aa65a

reference_url

https://git.openstack.org/cgit/openstack/heat/commit/?id=a02ff20509171346d2a1d2a9df7c81aada134c52

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/heat/commit/?id=a02ff20509171346d2a1d2a9df7c81aada134c52

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3801

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3801

reference_url

https://web.archive.org/web/20200229061233/https://www.securityfocus.com/bid/67505

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229061233/https://www.securityfocus.com/bid/67505

reference_url	https://web.archive.org/web/20200229061233/https://www.securityfocus.com/bid/67505/
reference_id
reference_type
scores
url	https://web.archive.org/web/20200229061233/https://www.securityfocus.com/bid/67505/

reference_url

http://www.openwall.com/lists/oss-security/2014/05/20/1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/05/20/1

reference_url

http://www.openwall.com/lists/oss-security/2014/05/20/6

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/05/20/6

reference_url

http://www.ubuntu.com/usn/USN-2249-1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2249-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1099748
reference_id	1099748
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1099748

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748824
reference_id	748824
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748824

reference_url

https://github.com/advisories/GHSA-86qj-4h55-fvpw

reference_id

GHSA-86qj-4h55-fvpw

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-86qj-4h55-fvpw

reference_url	https://access.redhat.com/errata/RHSA-2014:1687
reference_id	RHSA-2014:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1687

reference_url	https://usn.ubuntu.com/2249-1/
reference_id	USN-2249-1
reference_type
scores
url	https://usn.ubuntu.com/2249-1/

fixed_packages

url	pkg:deb/debian/heat@2014.1-4?distro=trixie
purl	pkg:deb/debian/heat@2014.1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@2014.1-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

purl pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m9tj-bwum-4yep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:15.0.0-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2014-3801, GHSA-86qj-4h55-fvpw

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g174-3dtk-fyad

url VCID-jm87-bxts-83ct

vulnerability_id VCID-jm87-bxts-83ct

summary The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6428.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6428.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6428

reference_id

reference_type

scores

value	0.0017
scoring_system	epss
scoring_elements	0.38022
published_at	2026-06-11T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38199
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6428

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6428
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6428

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1039144
reference_id	1039144
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1039144

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033
reference_id	732033
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033

reference_url	https://access.redhat.com/errata/RHSA-2014:0090
reference_id	RHSA-2014:0090
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0090

fixed_packages

url	pkg:deb/debian/heat@2013.2.1-1?distro=trixie
purl	pkg:deb/debian/heat@2013.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@2013.2.1-1%3Fdistro=trixie

url pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

purl pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m9tj-bwum-4yep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:15.0.0-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2013-6428

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm87-bxts-83ct

url VCID-ku3b-kkqp-7kgv

vulnerability_id VCID-ku3b-kkqp-7kgv

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9185.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9185.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9185

reference_id

reference_type

scores

value	0.00527
scoring_system	epss
scoring_elements	0.67556
published_at	2026-06-11T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67645
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9185

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1391895
reference_id	1391895
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1391895

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843232
reference_id	843232
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843232

reference_url	https://access.redhat.com/errata/RHSA-2017:1450
reference_id	RHSA-2017:1450
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1450

reference_url	https://access.redhat.com/errata/RHSA-2017:1456
reference_id	RHSA-2017:1456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1456

reference_url	https://access.redhat.com/errata/RHSA-2017:1464
reference_id	RHSA-2017:1464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1464

fixed_packages

url	pkg:deb/debian/heat@1:7.0.0-2?distro=trixie
purl	pkg:deb/debian/heat@1:7.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:7.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

purl pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m9tj-bwum-4yep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:15.0.0-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2016-9185

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku3b-kkqp-7kgv

url VCID-m9tj-bwum-4yep

vulnerability_id VCID-m9tj-bwum-4yep

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1625.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1625.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1625

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29258
published_at	2026-06-12T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29056
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1625

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/heat

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/heat

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-1625

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-1625

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034186
reference_id	1034186
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034186

reference_url

https://launchpad.net/bugs/1999665

reference_id

1999665

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/

url

https://launchpad.net/bugs/1999665

reference_url

https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb

reference_id

a49526c278e52823080c7f3fcb72785b93fd4dcb

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/

url

https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id	cpe:/a:redhat:openstack:13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1
reference_id	cpe:/a:redhat:openstack:16.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2
reference_id	cpe:/a:redhat:openstack:16.2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0
reference_id	cpe:/a:redhat:openstack:17.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0

reference_url

https://access.redhat.com/security/cve/CVE-2023-1625

reference_id

CVE-2023-1625

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/

url

https://access.redhat.com/security/cve/CVE-2023-1625

reference_url

https://github.com/advisories/GHSA-5836-grcc-8j89

reference_id

GHSA-5836-grcc-8j89

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5836-grcc-8j89

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2181621

reference_id

show_bug.cgi?id=2181621

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2181621

reference_url	https://usn.ubuntu.com/6066-1/
reference_id	USN-6066-1
reference_type
scores
url	https://usn.ubuntu.com/6066-1/

reference_url	https://usn.ubuntu.com/6293-1/
reference_id	USN-6293-1
reference_type
scores
url	https://usn.ubuntu.com/6293-1/

fixed_packages

url	pkg:deb/debian/heat@1:19.0.0-2?distro=trixie
purl	pkg:deb/debian/heat@1:19.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2023-1625, GHSA-5836-grcc-8j89

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9tj-bwum-4yep

url VCID-sfuu-62vj-zfgc

vulnerability_id VCID-sfuu-62vj-zfgc

summary An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2621.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2621.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2621

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.22053
published_at	2026-06-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22244
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2621

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1420990
reference_id	1420990
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1420990

reference_url	https://access.redhat.com/errata/RHSA-2017:1243
reference_id	RHSA-2017:1243
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1243

reference_url	https://access.redhat.com/errata/RHSA-2017:1464
reference_id	RHSA-2017:1464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1464

fixed_packages

url	pkg:deb/debian/heat@0?distro=trixie
purl	pkg:deb/debian/heat@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@0%3Fdistro=trixie

url pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

purl pkg:deb/debian/heat@1:15.0.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m9tj-bwum-4yep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:15.0.0-4%3Fdistro=trixie

url pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

purl pkg:deb/debian/heat@1:19.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:24.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:24.0.0-2%3Fdistro=trixie

url pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

purl pkg:deb/debian/heat@1:26.0.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq9j-x8bu-q3bd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:26.0.0-2%3Fdistro=trixie

aliases CVE-2017-2621

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfuu-62vj-zfgc

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/heat@1:19.0.0-3%3Fdistro=trixie

Package Instance