Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django-tinymce@1.5.1b4
Typepypi
Namespace
Namedjango-tinymce
Version1.5.1b4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.0
Latest_non_vulnerable_version4.1.0
Affected_by_vulnerabilities
0
url VCID-4v71-gmu2-akgq
vulnerability_id VCID-4v71-gmu2-akgq
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38356
reference_id
reference_type
scores
0
value 0.00744
scoring_system epss
scoring_elements 0.73416
published_at 2026-06-07T12:55:00Z
1
value 0.00744
scoring_system epss
scoring_elements 0.7343
published_at 2026-06-06T12:55:00Z
2
value 0.00744
scoring_system epss
scoring_elements 0.73424
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38356
1
reference_url https://github.com/tinymce/tinymce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tinymce/tinymce
2
reference_url https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/
url https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d
3
reference_url https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0
4
reference_url https://owasp.org/www-community/attacks/xss
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/
url https://owasp.org/www-community/attacks/xss
5
reference_url https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/
url https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview
6
reference_url https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/
url https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview
7
reference_url https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38356
reference_id CVE-2024-38356
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38356
9
reference_url https://github.com/advisories/GHSA-9hcv-j9pv-qmph
reference_id GHSA-9hcv-j9pv-qmph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9hcv-j9pv-qmph
10
reference_url https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
reference_id GHSA-9hcv-j9pv-qmph
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/
url https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
11
reference_url https://usn.ubuntu.com/8223-1/
reference_id USN-8223-1
reference_type
scores
url https://usn.ubuntu.com/8223-1/
fixed_packages
0
url pkg:pypi/django-tinymce@4.1.0
purl pkg:pypi/django-tinymce@4.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@4.1.0
aliases CVE-2024-38356, GHSA-9hcv-j9pv-qmph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v71-gmu2-akgq
1
url VCID-nqmt-kv4x-juhy
vulnerability_id VCID-nqmt-kv4x-juhy
summary 
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38357
reference_id
reference_type
scores
0
value 0.01148
scoring_system epss
scoring_elements 0.78839
published_at 2026-06-07T12:55:00Z
1
value 0.01148
scoring_system epss
scoring_elements 0.78849
published_at 2026-06-06T12:55:00Z
2
value 0.01148
scoring_system epss
scoring_elements 0.78842
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38357
1
reference_url https://github.com/tinymce/tinymce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tinymce/tinymce
2
reference_url https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/
url https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d
3
reference_url https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0
4
reference_url https://owasp.org/www-community/attacks/xss
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/
url https://owasp.org/www-community/attacks/xss
5
reference_url https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/
url https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview
6
reference_url https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/
url https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38357
reference_id CVE-2024-38357
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38357
8
reference_url https://github.com/advisories/GHSA-w9jx-4g6g-rp7x
reference_id GHSA-w9jx-4g6g-rp7x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9jx-4g6g-rp7x
9
reference_url https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x
reference_id GHSA-w9jx-4g6g-rp7x
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/
url https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x
10
reference_url https://usn.ubuntu.com/8223-1/
reference_id USN-8223-1
reference_type
scores
url https://usn.ubuntu.com/8223-1/
fixed_packages
0
url pkg:pypi/django-tinymce@4.1.0
purl pkg:pypi/django-tinymce@4.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@4.1.0
aliases CVE-2024-38357, GHSA-w9jx-4g6g-rp7x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqmt-kv4x-juhy
2
url VCID-vyvk-n5gm-1uc8
vulnerability_id VCID-vyvk-n5gm-1uc8
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TinyMCE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21910
reference_id
reference_type
scores
0
value 0.04084
scoring_system epss
scoring_elements 0.88783
published_at 2026-06-06T12:55:00Z
1
value 0.04084
scoring_system epss
scoring_elements 0.88781
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21910
1
reference_url https://github.com/jazzband/django-tinymce/issues/366
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/
url https://github.com/jazzband/django-tinymce/issues/366
2
reference_url https://github.com/jazzband/django-tinymce/releases/tag/3.4.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/
url https://github.com/jazzband/django-tinymce/releases/tag/3.4.0
3
reference_url https://github.com/tinymce/tinymce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tinymce/tinymce
4
reference_url https://pypi.org/project/django-tinymce/3.4.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/django-tinymce/3.4.0
5
reference_url https://pypi.org/project/django-tinymce/3.4.0/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/
url https://pypi.org/project/django-tinymce/3.4.0/
6
reference_url https://github.com/advisories/GHSA-r8hm-w5f7-wj39
reference_id GHSA-r8hm-w5f7-wj39
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/
url https://github.com/advisories/GHSA-r8hm-w5f7-wj39
7
reference_url https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
reference_id GHSA-r8hm-w5f7-wj39
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/
url https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
fixed_packages
0
url pkg:pypi/django-tinymce@3.4.0
purl pkg:pypi/django-tinymce@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4v71-gmu2-akgq
1
vulnerability VCID-nqmt-kv4x-juhy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@3.4.0
aliases CVE-2024-21910, GHSA-r8hm-w5f7-wj39, GMS-2021-133, GMS-2021-164, GMS-2021-192, GMS-2021-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyvk-n5gm-1uc8
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@1.5.1b4