Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/icingadb-web@1.4.0-1?distro=trixie
Typedeb
Namespacedebian
Nameicingadb-web
Version1.4.0-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-79e4-cdg3-fbca
vulnerability_id VCID-79e4-cdg3-fbca
summary Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61789
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10879
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61789
1
reference_url https://github.com/Icinga/icingadb-web/commit/5e982dad40ec379075307ab1693580138e675b18
reference_id 5e982dad40ec379075307ab1693580138e675b18
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:03:04Z/
url https://github.com/Icinga/icingadb-web/commit/5e982dad40ec379075307ab1693580138e675b18
2
reference_url https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429
reference_id GHSA-w57j-28jc-8429
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:03:04Z/
url https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429
fixed_packages
0
url pkg:deb/debian/icingadb-web@1.2.3-1?distro=trixie
purl pkg:deb/debian/icingadb-web@1.2.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@1.2.3-1%3Fdistro=trixie
1
url pkg:deb/debian/icingadb-web@1.4.0-1?distro=trixie
purl pkg:deb/debian/icingadb-web@1.4.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@1.4.0-1%3Fdistro=trixie
aliases CVE-2025-61789
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79e4-cdg3-fbca
1
url VCID-mksq-pc9r-1ke9
vulnerability_id VCID-mksq-pc9r-1ke9
summary Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not be revealed nor does this grant access to a host's or service's detail view. Please note that this only affects the restrictions `filter/hosts` and `filter/services`. `filter/objects` is not affected by this and restricts objects as it is supposed to. Version 1.2.2 applies these restrictions properly. As a workaround, one may downgrade to version 1.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53840
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.4727
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53840
1
reference_url https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473
reference_id GHSA-q2w7-mrx8-5473
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-18T14:55:55Z/
url https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473
2
reference_url https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2
reference_id v1.2.2
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-18T14:55:55Z/
url https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2
fixed_packages
0
url pkg:deb/debian/icingadb-web@0?distro=trixie
purl pkg:deb/debian/icingadb-web@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@0%3Fdistro=trixie
1
url pkg:deb/debian/icingadb-web@1.0.2-1?distro=trixie
purl pkg:deb/debian/icingadb-web@1.0.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79e4-cdg3-fbca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@1.0.2-1%3Fdistro=trixie
2
url pkg:deb/debian/icingadb-web@1.1.3-1?distro=trixie
purl pkg:deb/debian/icingadb-web@1.1.3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79e4-cdg3-fbca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@1.1.3-1%3Fdistro=trixie
3
url pkg:deb/debian/icingadb-web@1.4.0-1?distro=trixie
purl pkg:deb/debian/icingadb-web@1.4.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@1.4.0-1%3Fdistro=trixie
aliases CVE-2025-53840
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mksq-pc9r-1ke9
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/icingadb-web@1.4.0-1%3Fdistro=trixie