Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.jena/jena@3.9.0
Typemaven
Namespaceorg.apache.jena
Namejena
Version3.9.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.5.0
Latest_non_vulnerable_version5.5.0
Affected_by_vulnerabilities
0
url VCID-8jmu-6k4t-cugk
vulnerability_id VCID-8jmu-6k4t-cugk
summary 
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
File access paths in configuration files uploaded by users with administrator access are not validated.

This issue affects Apache Jena version up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50151.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50151.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-50151
reference_id
reference_type
scores
0
value 0.00709
scoring_system epss
scoring_elements 0.72617
published_at 2026-06-09T12:55:00Z
1
value 0.00709
scoring_system epss
scoring_elements 0.72592
published_at 2026-06-08T12:55:00Z
2
value 0.00709
scoring_system epss
scoring_elements 0.72606
published_at 2026-06-07T12:55:00Z
3
value 0.00709
scoring_system epss
scoring_elements 0.72625
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-50151
2
reference_url https://github.com/apache/jena
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jena
3
reference_url https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-21T14:40:14Z/
url https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
4
reference_url http://www.openwall.com/lists/oss-security/2025/07/21/2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/07/21/2
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109807
reference_id 1109807
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109807
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2382279
reference_id 2382279
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2382279
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-50151
reference_id CVE-2025-50151
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-50151
8
reference_url https://github.com/advisories/GHSA-xg9p-p463-3qjp
reference_id GHSA-xg9p-p463-3qjp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9p-p463-3qjp
fixed_packages
0
url pkg:maven/org.apache.jena/jena@5.5.0
purl pkg:maven/org.apache.jena/jena@5.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@5.5.0
aliases CVE-2025-50151, GHSA-xg9p-p463-3qjp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jmu-6k4t-cugk
1
url VCID-8ppq-28a4-yuhn
vulnerability_id VCID-8ppq-28a4-yuhn
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22665
reference_id
reference_type
scores
0
value 0.00828
scoring_system epss
scoring_elements 0.74894
published_at 2026-06-05T12:55:00Z
1
value 0.00828
scoring_system epss
scoring_elements 0.74902
published_at 2026-06-09T12:55:00Z
2
value 0.00828
scoring_system epss
scoring_elements 0.74876
published_at 2026-06-08T12:55:00Z
3
value 0.00828
scoring_system epss
scoring_elements 0.749
published_at 2026-06-06T12:55:00Z
4
value 0.00828
scoring_system epss
scoring_elements 0.74865
published_at 2026-06-04T12:55:00Z
5
value 0.00828
scoring_system epss
scoring_elements 0.74891
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22665
1
reference_url https://github.com/apache/jena
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jena
2
reference_url https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
3
reference_url http://www.openwall.com/lists/oss-security/2023/07/11/11
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/07/11/11
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035952
reference_id 1035952
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035952
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22665
reference_id CVE-2023-22665
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22665
6
reference_url https://github.com/advisories/GHSA-xgh5-gwq5-rpx8
reference_id GHSA-xgh5-gwq5-rpx8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xgh5-gwq5-rpx8
fixed_packages
0
url pkg:maven/org.apache.jena/jena@4.8.0
purl pkg:maven/org.apache.jena/jena@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jmu-6k4t-cugk
1
vulnerability VCID-8ppq-28a4-yuhn
2
vulnerability VCID-tr82-qh78-uyef
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@4.8.0
1
url pkg:maven/org.apache.jena/jena@4.9.0
purl pkg:maven/org.apache.jena/jena@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jmu-6k4t-cugk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@4.9.0
aliases CVE-2023-22665, GHSA-xgh5-gwq5-rpx8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ppq-28a4-yuhn
2
url VCID-tr82-qh78-uyef
vulnerability_id VCID-tr82-qh78-uyef
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
There is insufficient restrictions of called script functions in Apache Jena
 versions 4.8.0 and earlier. It allows a 
remote user to execute javascript via a SPARQL query.
This issue affects Apache Jena: from 3.7.0 through 4.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32200
reference_id
reference_type
scores
0
value 0.00942
scoring_system epss
scoring_elements 0.76661
published_at 2026-06-06T12:55:00Z
1
value 0.00942
scoring_system epss
scoring_elements 0.76662
published_at 2026-06-09T12:55:00Z
2
value 0.00942
scoring_system epss
scoring_elements 0.7664
published_at 2026-06-08T12:55:00Z
3
value 0.00942
scoring_system epss
scoring_elements 0.76655
published_at 2026-06-05T12:55:00Z
4
value 0.00942
scoring_system epss
scoring_elements 0.7665
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32200
1
reference_url https://github.com/apache/jena
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jena
2
reference_url https://jena.apache.org/about_jena/security-advisories.html#cve-2023-32200---exposure-of-execution-in-script-engine-expressions
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jena.apache.org/about_jena/security-advisories.html#cve-2023-32200---exposure-of-execution-in-script-engine-expressions
3
reference_url https://lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-07T19:41:36Z/
url https://lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z
4
reference_url https://www.cve.org/CVERecord?id=CVE-2023-22665
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-07T19:41:36Z/
url https://www.cve.org/CVERecord?id=CVE-2023-22665
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041108
reference_id 1041108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041108
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32200
reference_id CVE-2023-32200
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32200
7
reference_url https://github.com/advisories/GHSA-j927-w6g7-7c7w
reference_id GHSA-j927-w6g7-7c7w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j927-w6g7-7c7w
fixed_packages
0
url pkg:maven/org.apache.jena/jena@4.9.0
purl pkg:maven/org.apache.jena/jena@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jmu-6k4t-cugk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@4.9.0
aliases CVE-2023-32200, GHSA-j927-w6g7-7c7w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tr82-qh78-uyef
3
url VCID-u3j5-au1e-8ubc
vulnerability_id VCID-u3j5-au1e-8ubc
summary 
Improper Restriction of XML External Entity Reference
A vulnerability in XML processing in Apache Jena may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39239
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.68775
published_at 2026-06-09T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.68731
published_at 2026-06-04T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68771
published_at 2026-06-07T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.68779
published_at 2026-06-06T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68756
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39239
1
reference_url https://gitbox.apache.org/repos/asf?p=jena.git
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitbox.apache.org/repos/asf?p=jena.git
2
reference_url https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45@%3Cdev.jena.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45@%3Cdev.jena.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d@%3Cdev.jena.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d@%3Cdev.jena.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d@%3Cannounce.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014982
reference_id 1014982
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014982
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39239
reference_id CVE-2021-39239
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39239
8
reference_url https://github.com/advisories/GHSA-7rp6-w7mg-h8rw
reference_id GHSA-7rp6-w7mg-h8rw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7rp6-w7mg-h8rw
fixed_packages
0
url pkg:maven/org.apache.jena/jena@4.2.0
purl pkg:maven/org.apache.jena/jena@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jmu-6k4t-cugk
1
vulnerability VCID-8ppq-28a4-yuhn
2
vulnerability VCID-tr82-qh78-uyef
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@4.2.0
aliases CVE-2021-39239, GHSA-7rp6-w7mg-h8rw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3j5-au1e-8ubc
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@3.9.0