Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/datasette@0.49a0

Type pypi

Namespace

Name datasette

Version 0.49a0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.65.2

Latest_non_vulnerable_version 1.0a21

Affected_by_vulnerabilities

url VCID-gj9p-gkjg-1khj

vulnerability_id VCID-gj9p-gkjg-1khj

summary Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64481

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05721
published_at	2026-06-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05697
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64481

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2025-73.yaml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2025-73.yaml

reference_url

https://github.com/simonw/datasette

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/simonw/datasette

reference_url

https://github.com/simonw/datasette/issues/2429

reference_id

2429

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T14:23:07Z/

url

https://github.com/simonw/datasette/issues/2429

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64481

reference_id

CVE-2025-64481

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64481

reference_url

https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05

reference_id

f257ca6edb64848c3b04b54d41e347c54fe57c05

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T14:23:07Z/

url

https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05

reference_url

https://github.com/advisories/GHSA-w832-gg5g-x44m

reference_id

GHSA-w832-gg5g-x44m

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w832-gg5g-x44m

reference_url

https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m

reference_id

GHSA-w832-gg5g-x44m

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T14:23:07Z/

url

https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m

fixed_packages

url	pkg:pypi/datasette@0.65.2
purl	pkg:pypi/datasette@0.65.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/datasette@0.65.2

url	pkg:pypi/datasette@1.0a21
purl	pkg:pypi/datasette@1.0a21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/datasette@1.0a21

url	pkg:pypi/datasette@1.0.0a21
purl	pkg:pypi/datasette@1.0.0a21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/datasette@1.0.0a21

aliases CVE-2025-64481, GHSA-w832-gg5g-x44m, PYSEC-2025-73

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gj9p-gkjg-1khj

url VCID-hmeq-aurn-9yf9

vulnerability_id VCID-hmeq-aurn-9yf9

summary Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32670

reference_id

reference_type

scores

value	0.00594
scoring_system	epss
scoring_elements	0.69758
published_at	2026-06-11T12:55:00Z

value	0.00594
scoring_system	epss
scoring_elements	0.69849
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32670

reference_url

https://datasette.io/plugins/datasette-auth-passwords

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://datasette.io/plugins/datasette-auth-passwords

reference_url

https://github.com/advisories/GHSA-gff3-739c-gxfq

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gff3-739c-gxfq

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2021-89.yaml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2021-89.yaml

reference_url

https://github.com/simonw/datasette

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/simonw/datasette

reference_url

https://github.com/simonw/datasette/issues/1360

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/simonw/datasette/issues/1360

reference_url

https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32670

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32670

reference_url

https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks

reference_url

https://pypi.org/project/datasette

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/datasette

reference_url	https://pypi.org/project/datasette/
reference_id
reference_type
scores
url	https://pypi.org/project/datasette/

reference_url

https://github.com/advisories/GHSA-xw7c-jx9m-xh5g

reference_id

GHSA-xw7c-jx9m-xh5g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xw7c-jx9m-xh5g

fixed_packages

url pkg:pypi/datasette@0.56.1

purl pkg:pypi/datasette@0.56.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gj9p-gkjg-1khj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/datasette@0.56.1

aliases CVE-2021-32670, GHSA-gff3-739c-gxfq, GHSA-xw7c-jx9m-xh5g, PYSEC-2021-89

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmeq-aurn-9yf9

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/datasette@0.49a0

Package Instance