Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/contao@4.13.7
Typecomposer
Namespacecontao
Namecontao
Version4.13.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.13.56
Latest_non_vulnerable_version5.6.1
Affected_by_vulnerabilities
0
url VCID-9fgc-p6aq-vygh
vulnerability_id VCID-9fgc-p6aq-vygh
summary Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20744
published_at 2026-06-11T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.2092
published_at 2026-06-12T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.2094
published_at 2026-06-13T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.22213
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
3
reference_url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_id a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
4
reference_url https://github.com/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xmj-8wmq-7475
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
6
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
reference_id information-disclosure-in-the-front-end-search-index
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
fixed_packages
0
url pkg:composer/contao/contao@4.13.56
purl pkg:composer/contao/contao@4.13.56
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.13.56
1
url pkg:composer/contao/contao@5.3.38
purl pkg:composer/contao/contao@5.3.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.3.38
2
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57756, GHSA-2xmj-8wmq-7475
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fgc-p6aq-vygh
1
url VCID-arpe-7th1-kuep
vulnerability_id VCID-arpe-7th1-kuep
summary Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45965
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57432
published_at 2026-06-14T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.5744
published_at 2026-06-13T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.57425
published_at 2026-06-12T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.57307
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45965
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
reference_id contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/
url https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
reference_id cross-site-scripting-through-svg-uploads
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/
url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45965
reference_id CVE-2024-45965
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45965
5
reference_url https://github.com/advisories/GHSA-mrw8-5368-phm3
reference_id GHSA-mrw8-5368-phm3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrw8-5368-phm3
fixed_packages
0
url pkg:composer/contao/contao@5.4.2
purl pkg:composer/contao/contao@5.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4s26-ndpg-jkcy
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-bmg9-saw6-efhd
3
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.4.2
aliases CVE-2024-45965, GHSA-mrw8-5368-phm3
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arpe-7th1-kuep
2
url VCID-bzd7-n1ak-mug7
vulnerability_id VCID-bzd7-n1ak-mug7
summary Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29200
reference_id
reference_type
scores
0
value 0.00578
scoring_system epss
scoring_elements 0.69331
published_at 2026-06-11T12:55:00Z
1
value 0.00578
scoring_system epss
scoring_elements 0.69433
published_at 2026-06-14T12:55:00Z
2
value 0.00578
scoring_system epss
scoring_elements 0.69435
published_at 2026-06-13T12:55:00Z
3
value 0.00578
scoring_system epss
scoring_elements 0.69422
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29200
1
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
5
reference_url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
reference_id 6f3e705f4ff23f4419563d09d8485793569f31df
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
6
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
reference_id directory-traversal-in-the-file-manager
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
7
reference_url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
fixed_packages
0
url pkg:composer/contao/contao@4.13.21
purl pkg:composer/contao/contao@4.13.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9fgc-p6aq-vygh
1
vulnerability VCID-arpe-7th1-kuep
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.13.21
1
url pkg:composer/contao/contao@5.1.4
purl pkg:composer/contao/contao@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9fgc-p6aq-vygh
1
vulnerability VCID-arpe-7th1-kuep
2
vulnerability VCID-bmg9-saw6-efhd
3
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.1.4
aliases CVE-2023-29200, GHSA-fp7q-xhhw-6rj3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzd7-n1ak-mug7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.13.7