Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40plone/volto@14.0.0-alpha.38
Type npm
Namespace @plone
Name volto
Version 14.0.0-alpha.38
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 16.34.1
Latest_non_vulnerable_version 19.0.0-alpha.6
Affected_by_vulnerabilities
0
url VCID-c5gw-edy1-1key
vulnerability_id VCID-c5gw-edy1-1key
summary
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error.
references
0
reference_url http://github.com/plone/volto/releases/tag/18.27.2
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url http://github.com/plone/volto/releases/tag/18.27.2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61668
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.2815
published_at 2026-06-06T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.282
published_at 2026-06-05T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29696
published_at 2026-06-07T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.29664
published_at 2026-06-08T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.29677
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61668
2
reference_url https://github.com/plone/volto
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/volto
3
reference_url https://github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c
4
reference_url https://github.com/plone/volto/pull/7412
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/pull/7412
5
reference_url https://github.com/plone/volto/pull/7413
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/pull/7413
6
reference_url https://github.com/plone/volto/releases/tag/16.34.1
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/releases/tag/16.34.1
7
reference_url https://github.com/plone/volto/releases/tag/17.22.2
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/releases/tag/17.22.2
8
reference_url https://github.com/plone/volto/releases/tag/19.0.0-alpha.6
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/releases/tag/19.0.0-alpha.6
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61668
reference_id CVE-2025-61668
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61668
10
reference_url https://github.com/advisories/GHSA-m8rj-ppph-mj33
reference_id GHSA-m8rj-ppph-mj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8rj-ppph-mj33
11
reference_url https://github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33
reference_id GHSA-m8rj-ppph-mj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:37:13Z/
url https://github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33
fixed_packages
0
url pkg:npm/%40plone/volto@16.34.1
purl pkg:npm/%40plone/volto@16.34.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@16.34.1
1
url pkg:npm/%40plone/volto@17.22.2
purl pkg:npm/%40plone/volto@17.22.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@17.22.2
2
url pkg:npm/%40plone/volto@18.27.2
purl pkg:npm/%40plone/volto@18.27.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@18.27.2
3
url pkg:npm/%40plone/volto@19.0.0-alpha.6
purl pkg:npm/%40plone/volto@19.0.0-alpha.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@19.0.0-alpha.6
aliases CVE-2025-61668, GHSA-m8rj-ppph-mj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5gw-edy1-1key
1
url VCID-cga8-1pr4-byf9
vulnerability_id VCID-cga8-1pr4-byf9
summary
Improper Authentication
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24740
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49432
published_at 2026-06-04T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49472
published_at 2026-06-09T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.4946
published_at 2026-06-08T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49489
published_at 2026-06-07T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49494
published_at 2026-06-05T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.49505
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24740
1
reference_url https://github.com/plone/volto
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/volto
2
reference_url https://github.com/plone/volto/pull/3051
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:02Z/
url https://github.com/plone/volto/pull/3051
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24740
reference_id CVE-2022-24740
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24740
4
reference_url https://github.com/advisories/GHSA-cfhh-xgwq-5r67
reference_id GHSA-cfhh-xgwq-5r67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfhh-xgwq-5r67
5
reference_url https://github.com/plone/volto/security/advisories/GHSA-cfhh-xgwq-5r67
reference_id GHSA-cfhh-xgwq-5r67
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:02Z/
url https://github.com/plone/volto/security/advisories/GHSA-cfhh-xgwq-5r67
fixed_packages
0
url pkg:npm/%40plone/volto@15.0.0-alpha.0
purl pkg:npm/%40plone/volto@15.0.0-alpha.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c5gw-edy1-1key
1
vulnerability VCID-rm23-3ch5-q3ge
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@15.0.0-alpha.0
aliases CVE-2022-24740, GHSA-cfhh-xgwq-5r67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cga8-1pr4-byf9
2
url VCID-rm23-3ch5-q3ge
vulnerability_id VCID-rm23-3ch5-q3ge
summary
Volto affected by possible DoS by invoking specific URL by anonymous user
When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58047
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38131
published_at 2026-06-08T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38142
published_at 2026-06-09T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.3819
published_at 2026-06-06T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38186
published_at 2026-06-05T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38162
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58047
1
reference_url https://github.com/plone/volto
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/volto
2
reference_url https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:35:47Z/
url https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a
3
reference_url https://github.com/plone/volto/releases/tag/16.34.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:35:47Z/
url https://github.com/plone/volto/releases/tag/16.34.0
4
reference_url https://github.com/plone/volto/releases/tag/17.22.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:35:47Z/
url https://github.com/plone/volto/releases/tag/17.22.1
5
reference_url https://github.com/plone/volto/releases/tag/18.24.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:35:47Z/
url https://github.com/plone/volto/releases/tag/18.24.0
6
reference_url https://github.com/plone/volto/releases/tag/19.0.0-alpha.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:35:47Z/
url https://github.com/plone/volto/releases/tag/19.0.0-alpha.4
7
reference_url http://www.openwall.com/lists/oss-security/2025/08/28/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/28/3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58047
reference_id CVE-2025-58047
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58047
9
reference_url https://github.com/advisories/GHSA-xjhf-7833-3pm5
reference_id GHSA-xjhf-7833-3pm5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjhf-7833-3pm5
10
reference_url https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5
reference_id GHSA-xjhf-7833-3pm5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:35:47Z/
url https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5
fixed_packages
0
url pkg:npm/%40plone/volto@16.34.0
purl pkg:npm/%40plone/volto@16.34.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c5gw-edy1-1key
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@16.34.0
1
url pkg:npm/%40plone/volto@17.22.1
purl pkg:npm/%40plone/volto@17.22.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c5gw-edy1-1key
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@17.22.1
2
url pkg:npm/%40plone/volto@18.24.0
purl pkg:npm/%40plone/volto@18.24.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c5gw-edy1-1key
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@18.24.0
3
url pkg:npm/%40plone/volto@19.0.0-alpha.4
purl pkg:npm/%40plone/volto@19.0.0-alpha.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c5gw-edy1-1key
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@19.0.0-alpha.4
aliases CVE-2025-58047, GHSA-xjhf-7833-3pm5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rm23-3ch5-q3ge
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540plone/volto@14.0.0-alpha.38