Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
Typeapk
Namespacealpine
Namegd
Version2.3.0-r0
Qualifiers
arch armv7
distroversion v3.14
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.3.0-r1
Latest_non_vulnerable_version2.3.0-r1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2dp1-1n8v-fye9
vulnerability_id VCID-2dp1-1n8v-fye9
summary When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11038
reference_id
reference_type
scores
0
value 0.1054
scoring_system epss
scoring_elements 0.93397
published_at 2026-06-04T12:55:00Z
1
value 0.1054
scoring_system epss
scoring_elements 0.93408
published_at 2026-06-05T12:55:00Z
2
value 0.1054
scoring_system epss
scoring_elements 0.93409
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11038
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1724149
reference_id 1724149
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1724149
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
reference_id 929821
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
14
reference_url https://access.redhat.com/errata/RHSA-2019:2519
reference_id RHSA-2019:2519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2519
15
reference_url https://access.redhat.com/errata/RHSA-2019:3299
reference_id RHSA-2019:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3299
16
reference_url https://usn.ubuntu.com/4316-1/
reference_id USN-4316-1
reference_type
scores
url https://usn.ubuntu.com/4316-1/
17
reference_url https://usn.ubuntu.com/4316-2/
reference_id USN-4316-2
reference_type
scores
url https://usn.ubuntu.com/4316-2/
fixed_packages
0
url pkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
purl pkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gd@2.3.0-r0%3Farch=armv7&distroversion=v3.14&reponame=main
aliases CVE-2019-11038
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dp1-1n8v-fye9
1
url VCID-sxpu-ax7r-v3d3
vulnerability_id VCID-sxpu-ax7r-v3d3
summary gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14553
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.77103
published_at 2026-06-04T12:55:00Z
1
value 0.00979
scoring_system epss
scoring_elements 0.77134
published_at 2026-06-05T12:55:00Z
2
value 0.00979
scoring_system epss
scoring_elements 0.77123
published_at 2026-06-08T12:55:00Z
3
value 0.00979
scoring_system epss
scoring_elements 0.77144
published_at 2026-06-06T12:55:00Z
4
value 0.00979
scoring_system epss
scoring_elements 0.77133
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14553
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1600727
reference_id 1600727
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1600727
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287
reference_id 951287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287
6
reference_url https://access.redhat.com/errata/RHSA-2020:4659
reference_id RHSA-2020:4659
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4659
7
reference_url https://usn.ubuntu.com/4316-1/
reference_id USN-4316-1
reference_type
scores
url https://usn.ubuntu.com/4316-1/
8
reference_url https://usn.ubuntu.com/4316-2/
reference_id USN-4316-2
reference_type
scores
url https://usn.ubuntu.com/4316-2/
fixed_packages
0
url pkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
purl pkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gd@2.3.0-r0%3Farch=armv7&distroversion=v3.14&reponame=main
aliases CVE-2018-14553
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxpu-ax7r-v3d3
2
url VCID-tw3k-f4zp-pff5
vulnerability_id VCID-tw3k-f4zp-pff5
summary In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6363
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62398
published_at 2026-06-04T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62444
published_at 2026-06-05T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62453
published_at 2026-06-06T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62443
published_at 2026-06-07T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62428
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363
2
reference_url https://usn.ubuntu.com/5068-1/
reference_id USN-5068-1
reference_type
scores
url https://usn.ubuntu.com/5068-1/
fixed_packages
0
url pkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
purl pkg:apk/alpine/gd@2.3.0-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gd@2.3.0-r0%3Farch=armv7&distroversion=v3.14&reponame=main
aliases CVE-2017-6363
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw3k-f4zp-pff5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/gd@2.3.0-r0%3Farch=armv7&distroversion=v3.14&reponame=main