Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/sulu/sulu@1.0.2

Type composer

Namespace sulu

Name sulu

Version 1.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6.23

Latest_non_vulnerable_version 3.0.6

Affected_by_vulnerabilities

url VCID-4atd-dbgs-ubbt

vulnerability_id VCID-4atd-dbgs-ubbt

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32737

reference_id

reference_type

scores

value	0.0036
scoring_system	epss
scoring_elements	0.58534
published_at	2026-06-11T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58645
published_at	2026-06-12T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58661
published_at	2026-06-13T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.5865
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32737

reference_url

https://github.com/sulu/sulu/releases/tag/1.6.41

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/releases/tag/1.6.41

reference_url

https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32737

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32737

reference_url

https://github.com/advisories/GHSA-gm2x-6475-g9r8

reference_id

GHSA-gm2x-6475-g9r8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gm2x-6475-g9r8

fixed_packages

url pkg:composer/sulu/sulu@1.6.41

purl pkg:composer/sulu/sulu@1.6.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmaq-vz7x-n7gc

vulnerability	VCID-kxc9-hgfy-37av

vulnerability	VCID-mtc1-2z56-afcx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@1.6.41

url pkg:composer/sulu/sulu@2.0.0-RC1

purl pkg:composer/sulu/sulu@2.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-uugh-qjgv-zuc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.0.0-RC1

aliases CVE-2021-32737, GHSA-gm2x-6475-g9r8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4atd-dbgs-ubbt

url VCID-cmaq-vz7x-n7gc

vulnerability_id VCID-cmaq-vz7x-n7gc

summary PHP file inclusion in the Sulu admin panel

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43836

reference_id

reference_type

scores

value	0.04292
scoring_system	epss
scoring_elements	0.8915
published_at	2026-06-14T12:55:00Z

value	0.04292
scoring_system	epss
scoring_elements	0.89106
published_at	2026-06-11T12:55:00Z

value	0.04292
scoring_system	epss
scoring_elements	0.89151
published_at	2026-06-13T12:55:00Z

value	0.04292
scoring_system	epss
scoring_elements	0.89143
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43836

reference_url

https://github.com/sulu/sulu

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu

reference_url

https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43836

reference_id

CVE-2021-43836

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43836

reference_url

https://github.com/advisories/GHSA-vx6j-pjrh-vgjh

reference_id

GHSA-vx6j-pjrh-vgjh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx6j-pjrh-vgjh

reference_url

https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh

reference_id

GHSA-vx6j-pjrh-vgjh

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh

fixed_packages

url pkg:composer/sulu/sulu@1.6.44

purl pkg:composer/sulu/sulu@1.6.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mtc1-2z56-afcx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@1.6.44

url pkg:composer/sulu/sulu@2.2.18

purl pkg:composer/sulu/sulu@2.2.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ga1b-8tzr-17gr

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-pme7-145c-ukem

vulnerability	VCID-ucnf-fauc-tud6

vulnerability	VCID-uugh-qjgv-zuc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.2.18

url pkg:composer/sulu/sulu@2.3.0-RC1

purl pkg:composer/sulu/sulu@2.3.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ga1b-8tzr-17gr

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-pme7-145c-ukem

vulnerability	VCID-ucnf-fauc-tud6

vulnerability	VCID-uugh-qjgv-zuc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.3.0-RC1

url pkg:composer/sulu/sulu@2.3.8

purl pkg:composer/sulu/sulu@2.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ga1b-8tzr-17gr

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-pme7-145c-ukem

vulnerability	VCID-ucnf-fauc-tud6

vulnerability	VCID-uugh-qjgv-zuc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.3.8

url pkg:composer/sulu/sulu@2.4.0

purl pkg:composer/sulu/sulu@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ga1b-8tzr-17gr

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-pme7-145c-ukem

vulnerability	VCID-ucnf-fauc-tud6

vulnerability	VCID-uugh-qjgv-zuc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.4.0

aliases CVE-2021-43836, GHSA-vx6j-pjrh-vgjh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmaq-vz7x-n7gc

url VCID-kxc9-hgfy-37av

vulnerability_id VCID-kxc9-hgfy-37av

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41169

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.52423
published_at	2026-06-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52551
published_at	2026-06-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52564
published_at	2026-06-13T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52546
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41169

reference_url

https://github.com/sulu/sulu

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu

reference_url

https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445

reference_url

https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41169

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41169

reference_url

https://github.com/advisories/GHSA-h58v-g3q6-q9fx

reference_id

GHSA-h58v-g3q6-q9fx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h58v-g3q6-q9fx

fixed_packages

url pkg:composer/sulu/sulu@1.6.43

purl pkg:composer/sulu/sulu@1.6.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmaq-vz7x-n7gc

vulnerability	VCID-mtc1-2z56-afcx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@1.6.43

aliases CVE-2021-41169, GHSA-h58v-g3q6-q9fx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxc9-hgfy-37av

url VCID-mtc1-2z56-afcx

vulnerability_id VCID-mtc1-2z56-afcx

summary Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without even have permission for contacts. This issue has been patched in versions 2.6.22 and 3.0.5.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34372

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06003
published_at	2026-06-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06013
published_at	2026-06-14T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06027
published_at	2026-06-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06019
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34372

reference_url

https://github.com/sulu/sulu

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34372

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34372

reference_url

https://github.com/sulu/sulu/releases/tag/2.6.22

reference_id

2.6.22

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:06Z/

url

https://github.com/sulu/sulu/releases/tag/2.6.22

reference_url

https://github.com/sulu/sulu/releases/tag/3.0.5

reference_id

3.0.5

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:06Z/

url

https://github.com/sulu/sulu/releases/tag/3.0.5

reference_url

https://github.com/advisories/GHSA-6h7h-m7p5-hjqp

reference_id

GHSA-6h7h-m7p5-hjqp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6h7h-m7p5-hjqp

reference_url

https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp

reference_id

GHSA-6h7h-m7p5-hjqp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:06Z/

url

https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp

fixed_packages

url pkg:composer/sulu/sulu@2.6.22

purl pkg:composer/sulu/sulu@2.6.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71da-g5d9-1qde

vulnerability	VCID-r6j3-4fpa-8fcn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.6.22

url pkg:composer/sulu/sulu@3.0.5

purl pkg:composer/sulu/sulu@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71da-g5d9-1qde

vulnerability	VCID-r6j3-4fpa-8fcn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@3.0.5

aliases CVE-2026-34372, GHSA-6h7h-m7p5-hjqp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mtc1-2z56-afcx

url VCID-n4hq-j48g-kkda

vulnerability_id VCID-n4hq-j48g-kkda

summary Reset Password / Login vulnerability in Sulu

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15132

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.51503
published_at	2026-06-13T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51358
published_at	2026-06-11T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51489
published_at	2026-06-12T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.5149
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15132

reference_url

https://github.com/sulu/sulu/commit/0fbb6009eb6a8efe63b7e3f3b4b886dc54bb2326

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/commit/0fbb6009eb6a8efe63b7e3f3b4b886dc54bb2326

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15132

reference_id

CVE-2020-15132

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15132

reference_url

https://github.com/advisories/GHSA-wfm4-pq59-wg6r

reference_id

GHSA-wfm4-pq59-wg6r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wfm4-pq59-wg6r

reference_url

https://github.com/sulu/sulu/security/advisories/GHSA-wfm4-pq59-wg6r

reference_id

GHSA-wfm4-pq59-wg6r

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sulu/sulu/security/advisories/GHSA-wfm4-pq59-wg6r

fixed_packages

url pkg:composer/sulu/sulu@1.6.34

purl pkg:composer/sulu/sulu@1.6.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4atd-dbgs-ubbt

vulnerability	VCID-cmaq-vz7x-n7gc

vulnerability	VCID-kxc9-hgfy-37av

vulnerability	VCID-mtc1-2z56-afcx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@1.6.34

url pkg:composer/sulu/sulu@2.0.10

purl pkg:composer/sulu/sulu@2.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmaq-vz7x-n7gc

vulnerability	VCID-ga1b-8tzr-17gr

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-pme7-145c-ukem

vulnerability	VCID-uugh-qjgv-zuc4

vulnerability	VCID-vkqp-q7wf-eqhr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.0.10

url pkg:composer/sulu/sulu@2.1.1

purl pkg:composer/sulu/sulu@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmaq-vz7x-n7gc

vulnerability	VCID-ga1b-8tzr-17gr

vulnerability	VCID-mtc1-2z56-afcx

vulnerability	VCID-pme7-145c-ukem

vulnerability	VCID-uugh-qjgv-zuc4

vulnerability	VCID-vkqp-q7wf-eqhr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@2.1.1

aliases CVE-2020-15132, GHSA-wfm4-pq59-wg6r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4hq-j48g-kkda

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sulu/sulu@1.0.2

Package Instance