Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ckan@2.10.0
Type pypi
Namespace
Name ckan
Version 2.10.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.10.1
Latest_non_vulnerable_version 2.11.5
Affected_by_vulnerabilities
0
url VCID-6epn-ddfg-8fe9
vulnerability_id VCID-6epn-ddfg-8fe9
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ckan.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32321
reference_id
reference_type
scores
0
value 0.02923
scoring_system epss
scoring_elements 0.86649
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32321
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T19:07:01Z/
url https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32321
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32321
4
reference_url https://github.com/advisories/GHSA-446m-hmmm-hm8m
reference_id GHSA-446m-hmmm-hm8m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-446m-hmmm-hm8m
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
reference_id GHSA-446m-hmmm-hm8m
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T19:07:01Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
fixed_packages
0
url pkg:pypi/ckan@2.10.1
purl pkg:pypi/ckan@2.10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.1
aliases CVE-2023-32321, GHSA-446m-hmmm-hm8m
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6epn-ddfg-8fe9
1
url VCID-am2d-z4n4-93ff
vulnerability_id VCID-am2d-z4n4-93ff
summary
CKAN vulnerable to fixed session IDs
Session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64100
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12108
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64100
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T19:29:05Z/
url https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64100
reference_id CVE-2025-64100
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64100
4
reference_url https://github.com/advisories/GHSA-2hvh-cw5c-8q8q
reference_id GHSA-2hvh-cw5c-8q8q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hvh-cw5c-8q8q
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q
reference_id GHSA-2hvh-cw5c-8q8q
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T19:29:05Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q
fixed_packages
0
url pkg:pypi/ckan@2.10.9
purl pkg:pypi/ckan@2.10.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.9
1
url pkg:pypi/ckan@2.11.4
purl pkg:pypi/ckan@2.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8nsf-dyxr-9fdf
1
vulnerability VCID-azkb-63qy-9ubj
2
vulnerability VCID-kapx-7jk6-gkdy
3
vulnerability VCID-uhha-sv43-ryb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.4
aliases CVE-2025-64100, GHSA-2hvh-cw5c-8q8q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am2d-z4n4-93ff
2
url VCID-azkb-63qy-9ubj
vulnerability_id VCID-azkb-63qy-9ubj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41255
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00228
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41255
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
2
reference_url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
3
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
4
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-mcvf-jxcw-vj73
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T12:44:10Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-mcvf-jxcw-vj73
5
reference_url https://github.com/Shirshaw64p/security-advisories/tree/main/CVE-2026-41255
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T12:44:10Z/
url https://github.com/Shirshaw64p/security-advisories/tree/main/CVE-2026-41255
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41255
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41255
7
reference_url https://github.com/advisories/GHSA-mcvf-jxcw-vj73
reference_id GHSA-mcvf-jxcw-vj73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mcvf-jxcw-vj73
fixed_packages
0
url pkg:pypi/ckan@2.10.10
purl pkg:pypi/ckan@2.10.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.10
1
url pkg:pypi/ckan@2.11.5
purl pkg:pypi/ckan@2.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.5
aliases CVE-2026-41255, GHSA-mcvf-jxcw-vj73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azkb-63qy-9ubj
3
url VCID-bah9-eeve-zybg
vulnerability_id VCID-bah9-eeve-zybg
summary
Potential log injection in reset user endpoint in CKAN
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupting the log file format.

### Patches
This has been fixed in the CKAN 2.9.11 and 2.10.4 versions

### Workarounds
Override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27097
reference_id
reference_type
scores
0
value 0.00446
scoring_system epss
scoring_elements 0.63769
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27097
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-4-2024-03-13
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-4-2024-03-13
2
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
3
reference_url https://github.com/ckan/ckan/commit/5fa133e7e9019573066455b5d442e93c62b3fc93
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/5fa133e7e9019573066455b5d442e93c62b3fc93
4
reference_url https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:05:35Z/
url https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c
5
reference_url https://github.com/ckan/ckan/commit/d81f411bff2da7347c343a83e17f5814475b5b64
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/d81f411bff2da7347c343a83e17f5814475b5b64
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27097
reference_id CVE-2024-27097
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27097
7
reference_url https://github.com/advisories/GHSA-8g38-3m6v-232j
reference_id GHSA-8g38-3m6v-232j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g38-3m6v-232j
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j
reference_id GHSA-8g38-3m6v-232j
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:05:35Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j
fixed_packages
0
url pkg:pypi/ckan@2.10.4
purl pkg:pypi/ckan@2.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.4
aliases CVE-2024-27097, GHSA-8g38-3m6v-232j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bah9-eeve-zybg
4
url VCID-mfpa-jdxh-vfd3
vulnerability_id VCID-mfpa-jdxh-vfd3
summary
Improper Privilege Management
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32696
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52926
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32696
1
reference_url https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:20:12Z/
url https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32696
reference_id CVE-2023-32696
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32696
3
reference_url https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
reference_id GHSA-c74x-xfvr-x5wg
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:20:12Z/
url https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
fixed_packages
0
url pkg:pypi/ckan@2.10.1
purl pkg:pypi/ckan@2.10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.1
aliases CVE-2023-32696, GHSA-c74x-xfvr-x5wg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfpa-jdxh-vfd3
5
url VCID-t3gx-x14x-2bf9
vulnerability_id VCID-t3gx-x14x-2bf9
summary
Improper Handling of Length Parameter Inconsistency
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39592
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
reference_id CVE-2023-50248
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
4
reference_url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
fixed_packages
0
url pkg:pypi/ckan@2.10.3
purl pkg:pypi/ckan@2.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.3
aliases CVE-2023-50248, GHSA-7fgc-89cx-w8j5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3gx-x14x-2bf9
Fixing_vulnerabilities
0
url VCID-fy4c-77tm-9kam
vulnerability_id VCID-fy4c-77tm-9kam
summary In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users' profile pictures. This allows low-privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim's browser when they open the malicious profile picture.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25967
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42778
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25967
1
reference_url https://github.com/advisories/GHSA-6w9p-88qg-p3g3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6w9p-88qg-p3g3
2
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
3
reference_url https://github.com/ckan/ckan/commit/5a46989c0a4f2c2873ca182c196da83b82babd25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/5a46989c0a4f2c2873ca182c196da83b82babd25
4
reference_url https://github.com/ckan/ckan/pull/6477
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/pull/6477
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2021-841.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2021-841.yaml
6
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25967
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:35Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25967
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25967
reference_id CVE-2021-25967
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25967
fixed_packages
0
url pkg:pypi/ckan@2.9.4
purl pkg:pypi/ckan@2.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w6cg-ubux-qbfg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.4
1
url pkg:pypi/ckan@2.10.0
purl pkg:pypi/ckan@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epn-ddfg-8fe9
1
vulnerability VCID-am2d-z4n4-93ff
2
vulnerability VCID-azkb-63qy-9ubj
3
vulnerability VCID-bah9-eeve-zybg
4
vulnerability VCID-mfpa-jdxh-vfd3
5
vulnerability VCID-t3gx-x14x-2bf9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.0
aliases CVE-2021-25967, GHSA-6w9p-88qg-p3g3, PYSEC-2021-841
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fy4c-77tm-9kam
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.0