Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/libgit2@0.27.3-r0?arch=armv7&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name libgit2

Version 0.27.3-r0

Qualifiers

arch	armv7
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.27.4-r0

Latest_non_vulnerable_version 1.7.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-gyz7-2m83-p7bs

vulnerability_id VCID-gyz7-2m83-p7bs

summary

Out-of-bounds Read
A flaw was found in libgit2 which is wrapped by the rugged gem. A missing check
in git_delta_apply function in `delta.c` file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10888

reference_id

reference_type

scores

value	0.0062
scoring_system	epss
scoring_elements	0.70423
published_at	2026-06-04T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70464
published_at	2026-06-05T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70473
published_at	2026-06-06T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70455
published_at	2026-06-07T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70444
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10888

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1598024
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1598024

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10888
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10888

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903508
reference_id	903508
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903508

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-10888
reference_id	CVE-2018-10888
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-10888

fixed_packages

url	pkg:apk/alpine/libgit2@0.27.3-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/libgit2@0.27.3-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libgit2@0.27.3-r0%3Farch=armv7&distroversion=edge&reponame=community

aliases CVE-2018-10888

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyz7-2m83-p7bs

url VCID-zafd-vs5g-jqag

vulnerability_id VCID-zafd-vs5g-jqag

summary

Out-of-bounds Read
The libgit2 library, which is used by pygit2, is vulnerable to an integer overflow which leads to an out-of-bound read. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10887

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60533
published_at	2026-06-04T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60581
published_at	2026-06-05T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60587
published_at	2026-06-06T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60576
published_at	2026-06-07T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60559
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10887

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1598021
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1598021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903509
reference_id	903509
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903509

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-10887
reference_id	CVE-2018-10887
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-10887

fixed_packages

url	pkg:apk/alpine/libgit2@0.27.3-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/libgit2@0.27.3-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libgit2@0.27.3-r0%3Farch=armv7&distroversion=edge&reponame=community

aliases CVE-2018-10887

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zafd-vs5g-jqag

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libgit2@0.27.3-r0%3Farch=armv7&distroversion=edge&reponame=community

Package Instance