Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@9.0.92

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 9.0.92

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.0.118

Latest_non_vulnerable_version 11.0.22

Affected_by_vulnerabilities

url VCID-c8kj-pgqh-3fhx

vulnerability_id VCID-c8kj-pgqh-3fhx

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52317.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52317

reference_id

reference_type

scores

value	0.21066
scoring_system	epss
scoring_elements	0.9578
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b

reference_url

https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a

reference_url

https://github.com/apache/tomcat/commit/9e840ccacb40881c03a03b1e0746bfba7369b3bd

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9e840ccacb40881c03a03b1e0746bfba7369b3bd

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52317

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52317

reference_url

https://security.netapp.com/advisory/ntap-20250124-0004

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250124-0004

reference_url

http://www.openwall.com/lists/oss-security/2024/11/18/3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/11/18/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2326973
reference_id	2326973
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2326973

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52317

reference_id

CVE-2024-52317

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52317

reference_url	https://github.com/advisories/GHSA-qvf5-hvjx-wm27
reference_id	GHSA-qvf5-hvjx-wm27
reference_type
scores
url	https://github.com/advisories/GHSA-qvf5-hvjx-wm27

reference_url

https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs

reference_id

ty376mrxy1mmxtw3ogo53nc9l3co3dfs

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-18T14:44:38Z/

url

https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs

reference_url	https://usn.ubuntu.com/7705-1/
reference_id	USN-7705-1
reference_type
scores
url	https://usn.ubuntu.com/7705-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.96

purl pkg:maven/org.apache.tomcat/tomcat@9.0.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n2k-sh22-fkfw

vulnerability	VCID-63vc-sc11-8kf1

vulnerability	VCID-697g-gcg9-zyaa

vulnerability	VCID-6wqu-jupw-tyhu

vulnerability	VCID-7wr9-uez1-8bdg

vulnerability	VCID-97et-ubnp-wqcy

vulnerability	VCID-9xyf-k9wq-g7b9

vulnerability	VCID-bwh8-tmf1-8uac

vulnerability	VCID-dhxd-kknv-9qb7

vulnerability	VCID-dj7q-4map-ebg4

vulnerability	VCID-hv33-kv9q-gugf

vulnerability	VCID-hvgr-azs4-qqac

vulnerability	VCID-keh1-ycs9-ybdd

vulnerability	VCID-n4qq-m1x3-qkbz

vulnerability	VCID-nctp-shgj-sfgh

vulnerability	VCID-ngy5-k9cv-rkbn

vulnerability	VCID-pdy9-n8t9-hygd

vulnerability	VCID-s2kf-jwgc-pfas

vulnerability	VCID-t8tc-zb3w-57gv

vulnerability	VCID-vnfg-9em7-u7ee

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.96

url pkg:maven/org.apache.tomcat/tomcat@10.1.31

purl pkg:maven/org.apache.tomcat/tomcat@10.1.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n2k-sh22-fkfw

vulnerability	VCID-63vc-sc11-8kf1

vulnerability	VCID-697g-gcg9-zyaa

vulnerability	VCID-6wqu-jupw-tyhu

vulnerability	VCID-7wr9-uez1-8bdg

vulnerability	VCID-97et-ubnp-wqcy

vulnerability	VCID-9xyf-k9wq-g7b9

vulnerability	VCID-bwh8-tmf1-8uac

vulnerability	VCID-dj7q-4map-ebg4

vulnerability	VCID-hv33-kv9q-gugf

vulnerability	VCID-hvgr-azs4-qqac

vulnerability	VCID-keh1-ycs9-ybdd

vulnerability	VCID-n4qq-m1x3-qkbz

vulnerability	VCID-nctp-shgj-sfgh

vulnerability	VCID-ngy5-k9cv-rkbn

vulnerability	VCID-pdy9-n8t9-hygd

vulnerability	VCID-s2kf-jwgc-pfas

vulnerability	VCID-t8tc-zb3w-57gv

vulnerability	VCID-vnfg-9em7-u7ee

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.31

url pkg:maven/org.apache.tomcat/tomcat@11.0.0

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n2k-sh22-fkfw

vulnerability	VCID-2vs3-8cxe-fyeb

vulnerability	VCID-63vc-sc11-8kf1

vulnerability	VCID-697g-gcg9-zyaa

vulnerability	VCID-6wqu-jupw-tyhu

vulnerability	VCID-7wr9-uez1-8bdg

vulnerability	VCID-97et-ubnp-wqcy

vulnerability	VCID-9xyf-k9wq-g7b9

vulnerability	VCID-bwh8-tmf1-8uac

vulnerability	VCID-dhxd-kknv-9qb7

vulnerability	VCID-dj7q-4map-ebg4

vulnerability	VCID-f7fd-42vx-cydr

vulnerability	VCID-hv33-kv9q-gugf

vulnerability	VCID-hvgr-azs4-qqac

vulnerability	VCID-keh1-ycs9-ybdd

vulnerability	VCID-n4qq-m1x3-qkbz

vulnerability	VCID-nctp-shgj-sfgh

vulnerability	VCID-ngy5-k9cv-rkbn

vulnerability	VCID-pdy9-n8t9-hygd

vulnerability	VCID-s2kf-jwgc-pfas

vulnerability	VCID-t8tc-zb3w-57gv

vulnerability	VCID-v5zf-qfdq-kbbp

vulnerability	VCID-vnfg-9em7-u7ee

vulnerability	VCID-vx7c-77p2-v3bk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0

aliases CVE-2024-52317, GHSA-qvf5-hvjx-wm27

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8kj-pgqh-3fhx

url VCID-nctp-shgj-sfgh

vulnerability_id VCID-nctp-shgj-sfgh

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34500

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.352
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34500

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208

reference_url

https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271

reference_url

https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34500

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34500

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/29

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/29

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457043
reference_id	2457043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457043

reference_url

https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2

reference_id

7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:21:50Z/

url

https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500

reference_id

CVE-2026-34500

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500

reference_url	https://github.com/advisories/GHSA-24j9-x2wg-9qv6
reference_id	GHSA-24j9-x2wg-9qv6
reference_type
scores
url	https://github.com/advisories/GHSA-24j9-x2wg-9qv6

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@9.0.117

purl pkg:maven/org.apache.tomcat/tomcat@9.0.117

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n2k-sh22-fkfw

vulnerability	VCID-697g-gcg9-zyaa

vulnerability	VCID-97et-ubnp-wqcy

vulnerability	VCID-9xyf-k9wq-g7b9

vulnerability	VCID-dj7q-4map-ebg4

vulnerability	VCID-hv33-kv9q-gugf

vulnerability	VCID-s2kf-jwgc-pfas

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117

url pkg:maven/org.apache.tomcat/tomcat@10.1.54

purl pkg:maven/org.apache.tomcat/tomcat@10.1.54

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n2k-sh22-fkfw

vulnerability	VCID-697g-gcg9-zyaa

vulnerability	VCID-97et-ubnp-wqcy

vulnerability	VCID-9xyf-k9wq-g7b9

vulnerability	VCID-dj7q-4map-ebg4

vulnerability	VCID-hv33-kv9q-gugf

vulnerability	VCID-s2kf-jwgc-pfas

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54

url pkg:maven/org.apache.tomcat/tomcat@11.0.21

purl pkg:maven/org.apache.tomcat/tomcat@11.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n2k-sh22-fkfw

vulnerability	VCID-697g-gcg9-zyaa

vulnerability	VCID-97et-ubnp-wqcy

vulnerability	VCID-9xyf-k9wq-g7b9

vulnerability	VCID-dj7q-4map-ebg4

vulnerability	VCID-hv33-kv9q-gugf

vulnerability	VCID-s2kf-jwgc-pfas

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21

aliases CVE-2026-34500, GHSA-24j9-x2wg-9qv6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nctp-shgj-sfgh

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.92

Package Instance