Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/librsvg@2.44.10-2.1%2Bdeb10u3

Type deb

Namespace debian

Name librsvg

Version 2.44.10-2.1+deb10u3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.50.3+dfsg-1+deb11u1

Latest_non_vulnerable_version 2.50.3+dfsg-1+deb11u1

Affected_by_vulnerabilities

url VCID-h9d3-z4h6-7fh8

vulnerability_id VCID-h9d3-z4h6-7fh8

summary A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38633.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38633

reference_id

reference_type

scores

value	0.43614
scoring_system	epss
scoring_elements	0.97591
published_at	2026-06-05T12:55:00Z

value	0.43614
scoring_system	epss
scoring_elements	0.97593
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38633

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041810
reference_id	1041810
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041810

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2224945
reference_id	2224945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2224945

reference_url	https://security.gentoo.org/glsa/202408-14
reference_id	GLSA-202408-14
reference_type
scores
url	https://security.gentoo.org/glsa/202408-14

reference_url	https://access.redhat.com/errata/RHSA-2023:4809
reference_id	RHSA-2023:4809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4809

reference_url	https://access.redhat.com/errata/RHSA-2023:5081
reference_id	RHSA-2023:5081
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5081

reference_url	https://usn.ubuntu.com/6266-1/
reference_id	USN-6266-1
reference_type
scores
url	https://usn.ubuntu.com/6266-1/

fixed_packages

url	pkg:deb/debian/librsvg@2.50.3%2Bdfsg-1%2Bdeb11u1
purl	pkg:deb/debian/librsvg@2.50.3%2Bdfsg-1%2Bdeb11u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/librsvg@2.50.3%252Bdfsg-1%252Bdeb11u1

aliases CVE-2023-38633

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h9d3-z4h6-7fh8

url VCID-n5w7-52b2-zffj

vulnerability_id VCID-n5w7-52b2-zffj

summary In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20446.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20446.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20446

reference_id

reference_type

scores

value	0.0133
scoring_system	epss
scoring_elements	0.80282
published_at	2026-06-04T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.80307
published_at	2026-06-05T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.8031
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20446

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1797608
reference_id	1797608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1797608

reference_url	https://access.redhat.com/errata/RHSA-2020:4709
reference_id	RHSA-2020:4709
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4709

reference_url	https://usn.ubuntu.com/4436-1/
reference_id	USN-4436-1
reference_type
scores
url	https://usn.ubuntu.com/4436-1/

fixed_packages

url	pkg:deb/debian/librsvg@2.50.3%2Bdfsg-1%2Bdeb11u1
purl	pkg:deb/debian/librsvg@2.50.3%2Bdfsg-1%2Bdeb11u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/librsvg@2.50.3%252Bdfsg-1%252Bdeb11u1

aliases CVE-2019-20446

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5w7-52b2-zffj

Fixing_vulnerabilities

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/librsvg@2.44.10-2.1%252Bdeb10u3

Package Instance