Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/oro/platform@4.2.2
Typecomposer
Namespaceoro
Nameplatform
Version4.2.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.1.0-alpha.1
Latest_non_vulnerable_version5.1.4
Affected_by_vulnerabilities
0
url VCID-2ajt-w76a-huht
vulnerability_id VCID-2ajt-w76a-huht
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32062
reference_id
reference_type
scores
0
value 0.00195
scoring_system epss
scoring_elements 0.41355
published_at 2026-06-11T12:55:00Z
1
value 0.00195
scoring_system epss
scoring_elements 0.41521
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32062
1
reference_url https://github.com/oroinc/crm
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/crm
2
reference_url https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g
3
reference_url https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b
4
reference_url https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32062
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32062
6
reference_url https://github.com/advisories/GHSA-x2xm-p6vq-482g
reference_id GHSA-x2xm-p6vq-482g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2xm-p6vq-482g
fixed_packages
0
url pkg:composer/oro/platform@4.2.7
purl pkg:composer/oro/platform@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hnn-fpbj-v3d8
1
vulnerability VCID-bxz5-fhjg-kya9
2
vulnerability VCID-f1vx-z6p8-9ud2
3
vulnerability VCID-j6x6-vkbd-xug4
4
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.7
1
url pkg:composer/oro/platform@5.0.7
purl pkg:composer/oro/platform@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
1
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.7
2
url pkg:composer/oro/platform@5.1.1
purl pkg:composer/oro/platform@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.1.1
aliases CVE-2023-32062, GHSA-x2xm-p6vq-482g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ajt-w76a-huht
1
url VCID-2hnn-fpbj-v3d8
vulnerability_id VCID-2hnn-fpbj-v3d8
summary OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41236
reference_id
reference_type
scores
0
value 0.005
scoring_system epss
scoring_elements 0.66491
published_at 2026-06-12T12:55:00Z
1
value 0.005
scoring_system epss
scoring_elements 0.66397
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41236
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a
reference_id 2a089c971fc70bc63baf8770d29ee515ce5a415a
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:50Z/
url https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41236
reference_id CVE-2021-41236
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41236
4
reference_url https://github.com/advisories/GHSA-qv7g-j98v-8pp7
reference_id GHSA-qv7g-j98v-8pp7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv7g-j98v-8pp7
5
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7
reference_id GHSA-qv7g-j98v-8pp7
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:50Z/
url https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7
fixed_packages
0
url pkg:composer/oro/platform@4.2.8
purl pkg:composer/oro/platform@4.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
1
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8
aliases CVE-2021-41236, GHSA-qv7g-j98v-8pp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hnn-fpbj-v3d8
2
url VCID-bxz5-fhjg-kya9
vulnerability_id VCID-bxz5-fhjg-kya9
summary OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45824
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47714
published_at 2026-06-12T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47574
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45824
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
reference_id cf94df7595afca052796e26b299d2ce031e289cd
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:56:46Z/
url https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45824
reference_id CVE-2023-45824
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45824
4
reference_url https://github.com/advisories/GHSA-vxq2-p937-3px3
reference_id GHSA-vxq2-p937-3px3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxq2-p937-3px3
5
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
reference_id GHSA-vxq2-p937-3px3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:56:46Z/
url https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
fixed_packages
0
url pkg:composer/oro/platform@5.0.0-alpha.1
purl pkg:composer/oro/platform@5.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.0-alpha.1
1
url pkg:composer/oro/platform@5.1.0-alpha.1
purl pkg:composer/oro/platform@5.1.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.1.0-alpha.1
2
url pkg:composer/oro/platform@5.1.4
purl pkg:composer/oro/platform@5.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.1.4
aliases CVE-2023-45824, GHSA-vxq2-p937-3px3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxz5-fhjg-kya9
3
url VCID-f1vx-z6p8-9ud2
vulnerability_id VCID-f1vx-z6p8-9ud2
summary XSS vulnerability in translations
references
0
reference_url https://github.com/advisories/GHSA-rrgw-3hg3-9x8c
reference_id GHSA-rrgw-3hg3-9x8c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrgw-3hg3-9x8c
1
reference_url https://github.com/oroinc/platform-er/security/advisories/GHSA-rrgw-3hg3-9x8c
reference_id GHSA-rrgw-3hg3-9x8c
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform-er/security/advisories/GHSA-rrgw-3hg3-9x8c
fixed_packages
0
url pkg:composer/oro/platform@4.2.8
purl pkg:composer/oro/platform@4.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
1
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8
aliases GHSA-rrgw-3hg3-9x8c, GMS-2022-24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1vx-z6p8-9ud2
4
url VCID-j6x6-vkbd-xug4
vulnerability_id VCID-j6x6-vkbd-xug4
summary OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__` , `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43852
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70789
published_at 2026-06-12T12:55:00Z
1
value 0.00626
scoring_system epss
scoring_elements 0.70699
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43852
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9
reference_id 62c26936b3adee9c20255dcd9f8ee5c299b464a9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:47Z/
url https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43852
reference_id CVE-2021-43852
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43852
4
reference_url https://github.com/advisories/GHSA-jx5q-g37m-h5hj
reference_id GHSA-jx5q-g37m-h5hj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx5q-g37m-h5hj
5
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj
reference_id GHSA-jx5q-g37m-h5hj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:47Z/
url https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj
fixed_packages
0
url pkg:composer/oro/platform@4.2.8
purl pkg:composer/oro/platform@4.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
1
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8
aliases CVE-2021-43852, GHSA-jx5q-g37m-h5hj
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6x6-vkbd-xug4
5
url VCID-r15z-84fs-jbf2
vulnerability_id VCID-r15z-84fs-jbf2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41951
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.62063
published_at 2026-06-11T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.62164
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41951
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41951
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41951
4
reference_url https://github.com/advisories/GHSA-9v3j-4j64-p937
reference_id GHSA-9v3j-4j64-p937
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9v3j-4j64-p937
fixed_packages
0
url pkg:composer/oro/platform@5.0.8
purl pkg:composer/oro/platform@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
1
vulnerability VCID-r15z-84fs-jbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.8
1
url pkg:composer/oro/platform@5.0.9
purl pkg:composer/oro/platform@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bxz5-fhjg-kya9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.9
aliases CVE-2022-41951, GHSA-9v3j-4j64-p937
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r15z-84fs-jbf2
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.2