Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ocaml@3.08.3-3
Typedeb
Namespacedebian
Nameocaml
Version3.08.3-3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.05.0-11
Latest_non_vulnerable_version5.3.0-3
Affected_by_vulnerabilities
0
url VCID-3j7d-uzsc-r7gt
vulnerability_id VCID-3j7d-uzsc-r7gt
summary The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9838.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9838.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9838
reference_id
reference_type
scores
0
value 0.08115
scoring_system epss
scoring_elements 0.92307
published_at 2026-06-04T12:55:00Z
1
value 0.08115
scoring_system epss
scoring_elements 0.92321
published_at 2026-06-05T12:55:00Z
2
value 0.08115
scoring_system epss
scoring_elements 0.92318
published_at 2026-06-06T12:55:00Z
3
value 0.08115
scoring_system epss
scoring_elements 0.92315
published_at 2026-06-07T12:55:00Z
4
value 0.08115
scoring_system epss
scoring_elements 0.92314
published_at 2026-06-08T12:55:00Z
5
value 0.08115
scoring_system epss
scoring_elements 0.92328
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9838
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9838
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9838
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1565468
reference_id 1565468
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1565468
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472
reference_id 895472
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472
6
reference_url https://security.gentoo.org/glsa/202007-48
reference_id GLSA-202007-48
reference_type
scores
url https://security.gentoo.org/glsa/202007-48
7
reference_url https://usn.ubuntu.com/USN-4778-1/
reference_id USN-USN-4778-1
reference_type
scores
url https://usn.ubuntu.com/USN-4778-1/
fixed_packages
0
url pkg:deb/debian/ocaml@4.05.0-11
purl pkg:deb/debian/ocaml@4.05.0-11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ocaml@4.05.0-11
aliases CVE-2018-9838
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3j7d-uzsc-r7gt
1
url VCID-q4cm-bcyj-hket
vulnerability_id VCID-q4cm-bcyj-hket
summary OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0839.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0839.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0839
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.73426
published_at 2026-06-04T12:55:00Z
1
value 0.00746
scoring_system epss
scoring_elements 0.73462
published_at 2026-06-05T12:55:00Z
2
value 0.00746
scoring_system epss
scoring_elements 0.73467
published_at 2026-06-06T12:55:00Z
3
value 0.00746
scoring_system epss
scoring_elements 0.73454
published_at 2026-06-07T12:55:00Z
4
value 0.00746
scoring_system epss
scoring_elements 0.73441
published_at 2026-06-08T12:55:00Z
5
value 0.00746
scoring_system epss
scoring_elements 0.73465
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0839
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0839
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0839
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659149
reference_id 659149
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659149
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=787888
reference_id 787888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=787888
fixed_packages
0
url pkg:deb/debian/ocaml@4.01.0-5
purl pkg:deb/debian/ocaml@4.01.0-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3j7d-uzsc-r7gt
1
vulnerability VCID-wh13-7t2a-vqdk
2
vulnerability VCID-xw1s-ceu4-w3hj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ocaml@4.01.0-5
aliases CVE-2012-0839
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4cm-bcyj-hket
2
url VCID-wh13-7t2a-vqdk
vulnerability_id VCID-wh13-7t2a-vqdk
summary OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9779
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48331
published_at 2026-06-04T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48394
published_at 2026-06-05T12:55:00Z
2
value 0.00249
scoring_system epss
scoring_elements 0.48397
published_at 2026-06-06T12:55:00Z
3
value 0.00249
scoring_system epss
scoring_elements 0.48378
published_at 2026-06-07T12:55:00Z
4
value 0.00249
scoring_system epss
scoring_elements 0.48349
published_at 2026-06-08T12:55:00Z
5
value 0.00249
scoring_system epss
scoring_elements 0.48362
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9779
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9779
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9779
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874700
reference_id 874700
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874700
fixed_packages
0
url pkg:deb/debian/ocaml@4.05.0-11
purl pkg:deb/debian/ocaml@4.05.0-11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ocaml@4.05.0-11
aliases CVE-2017-9779
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wh13-7t2a-vqdk
3
url VCID-xw1s-ceu4-w3hj
vulnerability_id VCID-xw1s-ceu4-w3hj
summary OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8869
reference_id
reference_type
scores
0
value 0.03774
scoring_system epss
scoring_elements 0.88277
published_at 2026-06-05T12:55:00Z
1
value 0.03774
scoring_system epss
scoring_elements 0.88258
published_at 2026-06-04T12:55:00Z
2
value 0.03774
scoring_system epss
scoring_elements 0.88279
published_at 2026-06-07T12:55:00Z
3
value 0.03774
scoring_system epss
scoring_elements 0.88295
published_at 2026-06-09T12:55:00Z
4
value 0.03774
scoring_system epss
scoring_elements 0.8828
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8869
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1332090
reference_id 1332090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1332090
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824139
reference_id 824139
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824139
6
reference_url https://security.archlinux.org/ASA-201610-17
reference_id ASA-201610-17
reference_type
scores
url https://security.archlinux.org/ASA-201610-17
7
reference_url https://security.archlinux.org/AVG-13
reference_id AVG-13
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-13
8
reference_url https://security.gentoo.org/glsa/201702-15
reference_id GLSA-201702-15
reference_type
scores
url https://security.gentoo.org/glsa/201702-15
9
reference_url https://access.redhat.com/errata/RHSA-2016:1296
reference_id RHSA-2016:1296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1296
10
reference_url https://access.redhat.com/errata/RHSA-2016:2576
reference_id RHSA-2016:2576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2576
11
reference_url https://access.redhat.com/errata/RHSA-2017:0564
reference_id RHSA-2017:0564
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0564
12
reference_url https://access.redhat.com/errata/RHSA-2017:0565
reference_id RHSA-2017:0565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0565
13
reference_url https://usn.ubuntu.com/3437-1/
reference_id USN-3437-1
reference_type
scores
url https://usn.ubuntu.com/3437-1/
14
reference_url https://usn.ubuntu.com/USN-4778-1/
reference_id USN-USN-4778-1
reference_type
scores
url https://usn.ubuntu.com/USN-4778-1/
fixed_packages
0
url pkg:deb/debian/ocaml@4.02.3-9
purl pkg:deb/debian/ocaml@4.02.3-9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3j7d-uzsc-r7gt
1
vulnerability VCID-wh13-7t2a-vqdk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ocaml@4.02.3-9
aliases CVE-2015-8869
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-ceu4-w3hj
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ocaml@3.08.3-3