Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/automattic/jetpack@6.6.3
Typecomposer
Namespaceautomattic
Namejetpack
Version6.6.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.8-a.3
Latest_non_vulnerable_version12.8-a.3
Affected_by_vulnerabilities
0
url VCID-8m3r-p3ve-w7as
vulnerability_id VCID-8m3r-p3ve-w7as
summary JetPack Exposure of Resource to Wrong Sphere
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-24374
reference_id
reference_type
scores
0
value 0.00789
scoring_system epss
scoring_elements 0.74383
published_at 2026-06-12T12:55:00Z
1
value 0.00789
scoring_system epss
scoring_elements 0.7431
published_at 2026-06-11T12:55:00Z
2
value 0.00789
scoring_system epss
scoring_elements 0.74393
published_at 2026-06-14T12:55:00Z
3
value 0.00789
scoring_system epss
scoring_elements 0.74396
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-24374
1
reference_url https://github.com/Automattic/jetpack-production
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Automattic/jetpack-production
2
reference_url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories
3
reference_url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
reference_id
reference_type
scores
url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
4
reference_url https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-24374
reference_id CVE-2021-24374
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-24374
6
reference_url https://github.com/advisories/GHSA-5hr6-r8h6-wh22
reference_id GHSA-5hr6-r8h6-wh22
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hr6-r8h6-wh22
fixed_packages
0
url pkg:composer/automattic/jetpack@9.8
purl pkg:composer/automattic/jetpack@9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a7y6-z2r7-gffy
1
vulnerability VCID-ux2m-6d4e-5bav
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@9.8
1
url pkg:composer/automattic/jetpack@9.8.0
purl pkg:composer/automattic/jetpack@9.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@9.8.0
aliases CVE-2021-24374, GHSA-5hr6-r8h6-wh22
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m3r-p3ve-w7as
1
url VCID-a7y6-z2r7-gffy
vulnerability_id VCID-a7y6-z2r7-gffy
summary The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2996
reference_id
reference_type
scores
0
value 0.03349
scoring_system epss
scoring_elements 0.87594
published_at 2026-06-11T12:55:00Z
1
value 0.03349
scoring_system epss
scoring_elements 0.87636
published_at 2026-06-12T12:55:00Z
2
value 0.03349
scoring_system epss
scoring_elements 0.87642
published_at 2026-06-13T12:55:00Z
3
value 0.03349
scoring_system epss
scoring_elements 0.87639
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2996
1
reference_url https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663
reference_id 52d221bd-ae42-435d-a90a-60a5ae530663
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-05T16:47:57Z/
url https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2996
reference_id CVE-2023-2996
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-2996
3
reference_url https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/
reference_id jetpack-12-1-1-critical-security-update
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-05T16:47:57Z/
url https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/
fixed_packages
0
url pkg:composer/automattic/jetpack@12.1.1
purl pkg:composer/automattic/jetpack@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ux2m-6d4e-5bav
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.1.1
aliases CVE-2023-2996
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7y6-z2r7-gffy
2
url VCID-ux2m-6d4e-5bav
vulnerability_id VCID-ux2m-6d4e-5bav
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45050
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.514
published_at 2026-06-14T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51268
published_at 2026-06-11T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.51399
published_at 2026-06-12T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.51413
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45050
1
reference_url https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve
reference_id authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:22:32Z/
url https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45050
reference_id CVE-2023-45050
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-45050
3
reference_url https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_id wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:22:32Z/
url https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve
fixed_packages
0
url pkg:composer/automattic/jetpack@12.8-a.3
purl pkg:composer/automattic/jetpack@12.8-a.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.8-a.3
1
url pkg:composer/automattic/jetpack@12.8.0-a.3
purl pkg:composer/automattic/jetpack@12.8.0-a.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.8.0-a.3
aliases CVE-2023-45050
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ux2m-6d4e-5bav
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@6.6.3