Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/appwrite/server-ce@0.4.0
Typecomposer
Namespaceappwrite
Nameserver-ce
Version0.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4ptx-3zht-g7b8
vulnerability_id VCID-4ptx-3zht-g7b8
summary 
Appwrite Vulnerable to Cross-site Scripting
Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2925
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57599
published_at 2026-06-04T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57655
published_at 2026-06-09T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57651
published_at 2026-06-07T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57638
published_at 2026-06-08T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.5766
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2925
1
reference_url https://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing
2
reference_url https://github.com/appwrite/appwrite
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/appwrite/appwrite
3
reference_url https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade
4
reference_url https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2925
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2925
6
reference_url https://github.com/advisories/GHSA-5ffj-mph5-c5hv
reference_id GHSA-5ffj-mph5-c5hv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5ffj-mph5-c5hv
fixed_packages
0
url pkg:composer/appwrite/server-ce@1.0.0-RC1
purl pkg:composer/appwrite/server-ce@1.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dtju-jew3-3qgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@1.0.0-RC1
1
url pkg:composer/appwrite/server-ce@1.0.0
purl pkg:composer/appwrite/server-ce@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dtju-jew3-3qgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@1.0.0
aliases CVE-2022-2925, GHSA-5ffj-mph5-c5hv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ptx-3zht-g7b8
1
url VCID-dtju-jew3-3qgz
vulnerability_id VCID-dtju-jew3-3qgz
summary Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
references
0
reference_url http://appwrite.com
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/
url http://appwrite.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27159
reference_id
reference_type
scores
0
value 0.76972
scoring_system epss
scoring_elements 0.98981
published_at 2026-06-07T12:55:00Z
1
value 0.76972
scoring_system epss
scoring_elements 0.9898
published_at 2026-06-09T12:55:00Z
2
value 0.76972
scoring_system epss
scoring_elements 0.98983
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27159
2
reference_url https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/
url https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a
3
reference_url https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/
url https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb
4
reference_url https://github.com/appwrite/appwrite
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/
url https://github.com/appwrite/appwrite
5
reference_url https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/
url https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27159
reference_id CVE-2023-27159
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27159
7
reference_url https://github.com/advisories/GHSA-hxgx-584x-vwm8
reference_id GHSA-hxgx-584x-vwm8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxgx-584x-vwm8
fixed_packages
aliases CVE-2023-27159, GHSA-hxgx-584x-vwm8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtju-jew3-3qgz
2
url VCID-x7wu-vcge-33g6
vulnerability_id VCID-x7wu-vcge-33g6
summary 
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23682
reference_id
reference_type
scores
0
value 0.05384
scoring_system epss
scoring_elements 0.90289
published_at 2026-06-08T12:55:00Z
1
value 0.05384
scoring_system epss
scoring_elements 0.90304
published_at 2026-06-09T12:55:00Z
2
value 0.05384
scoring_system epss
scoring_elements 0.90277
published_at 2026-06-04T12:55:00Z
3
value 0.05384
scoring_system epss
scoring_elements 0.90292
published_at 2026-06-06T12:55:00Z
4
value 0.05384
scoring_system epss
scoring_elements 0.9029
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23682
1
reference_url https://github.com/appwrite/appwrite/pull/2778
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/appwrite/appwrite/pull/2778
2
reference_url https://github.com/appwrite/appwrite/releases/tag/0.11.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/appwrite/appwrite/releases/tag/0.11.1
3
reference_url https://github.com/appwrite/appwrite/releases/tag/0.12.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/appwrite/appwrite/releases/tag/0.12.2
4
reference_url https://github.com/litespeed-js/litespeed.js/pull/18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/litespeed-js/litespeed.js/pull/18
5
reference_url https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
6
reference_url https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23682
reference_id CVE-2021-23682
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23682
8
reference_url https://github.com/advisories/GHSA-v9p9-535w-4285
reference_id GHSA-v9p9-535w-4285
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9p9-535w-4285
fixed_packages
0
url pkg:composer/appwrite/server-ce@0.11.1
purl pkg:composer/appwrite/server-ce@0.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ptx-3zht-g7b8
1
vulnerability VCID-dtju-jew3-3qgz
2
vulnerability VCID-qx2s-2peg-2fa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.11.1
1
url pkg:composer/appwrite/server-ce@0.12.2
purl pkg:composer/appwrite/server-ce@0.12.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ptx-3zht-g7b8
1
vulnerability VCID-dtju-jew3-3qgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2
aliases CVE-2021-23682, GHSA-v9p9-535w-4285
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7wu-vcge-33g6
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.4.0