Lookup for vulnerable packages by Package URL.

Purl pkg:gem/view_component@2.17.0
Type gem
Namespace
Name view_component
Version 2.17.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-3c4m-sbhc-4yb3
vulnerability_id VCID-3c4m-sbhc-4yb3
summary view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are route-reachable. The most important one is render_with_template, which accepts template: and locals:. Those values can come from request params and are later passed to Rails as render template:. If previews are exposed, an attacker can render internal Rails templates that are not otherwise routable. This vulnerability is fixed in 4.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44836
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02011
published_at 2026-06-12T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02008
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44836
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2026-44836.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2026-44836.yml
2
reference_url https://github.com/ViewComponent/view_component
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ViewComponent/view_component
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44836
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44836
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138259
reference_id 1138259
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138259
5
reference_url https://github.com/advisories/GHSA-7f3r-gwc9-2995
reference_id GHSA-7f3r-gwc9-2995
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f3r-gwc9-2995
6
reference_url https://github.com/ViewComponent/view_component/security/advisories/GHSA-7f3r-gwc9-2995
reference_id GHSA-7f3r-gwc9-2995
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T13:21:32Z/
url https://github.com/ViewComponent/view_component/security/advisories/GHSA-7f3r-gwc9-2995
fixed_packages
0
url pkg:gem/view_component@4.0.0.alpha1
purl pkg:gem/view_component@4.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@4.0.0.alpha1
1
url pkg:gem/view_component@4.9.0
purl pkg:gem/view_component@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@4.9.0
aliases CVE-2026-44836, GHSA-7f3r-gwc9-2995
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3c4m-sbhc-4yb3
1
url VCID-bjbs-7tvw-augp
vulnerability_id VCID-bjbs-7tvw-augp
summary view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. This vulnerability is fixed in 4.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44837
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03404
published_at 2026-06-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.0339
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44837
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2026-44837.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2026-44837.yml
2
reference_url https://github.com/ViewComponent/view_component
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ViewComponent/view_component
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44837
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44837
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138259
reference_id 1138259
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138259
5
reference_url https://github.com/advisories/GHSA-hg3h-g7xc-f7vp
reference_id GHSA-hg3h-g7xc-f7vp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg3h-g7xc-f7vp
6
reference_url https://github.com/ViewComponent/view_component/security/advisories/GHSA-hg3h-g7xc-f7vp
reference_id GHSA-hg3h-g7xc-f7vp
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T14:03:17Z/
url https://github.com/ViewComponent/view_component/security/advisories/GHSA-hg3h-g7xc-f7vp
fixed_packages
0
url pkg:gem/view_component@4.0.0.alpha1
purl pkg:gem/view_component@4.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@4.0.0.alpha1
1
url pkg:gem/view_component@4.9.0
purl pkg:gem/view_component@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@4.9.0
aliases CVE-2026-44837, GHSA-hg3h-g7xc-f7vp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjbs-7tvw-augp
2
url VCID-q6rr-gydj-vqgm
vulnerability_id VCID-q6rr-gydj-vqgm
summary view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 and 2.83.0 have been released and fully mitigate both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21636
reference_id
reference_type
scores
0
value 0.00501
scoring_system epss
scoring_elements 0.66451
published_at 2026-06-11T12:55:00Z
1
value 0.00501
scoring_system epss
scoring_elements 0.66544
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21636
1
reference_url https://github.com/ViewComponent/view_component
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ViewComponent/view_component
2
reference_url https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017
reference_id 0d26944a8d2730ea40e60eae23d70684483e5017
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T21:13:15Z/
url https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017
3
reference_url https://github.com/ViewComponent/view_component/pull/1950
reference_id 1950
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T21:13:15Z/
url https://github.com/ViewComponent/view_component/pull/1950
4
reference_url https://github.com/ViewComponent/view_component/pull/1962
reference_id 1962
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T21:13:15Z/
url https://github.com/ViewComponent/view_component/pull/1962
5
reference_url https://github.com/ViewComponent/view_component/commit/c43d8bafa7117cbce479669a423ab266de150697
reference_id c43d8bafa7117cbce479669a423ab266de150697
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T21:13:15Z/
url https://github.com/ViewComponent/view_component/commit/c43d8bafa7117cbce479669a423ab266de150697
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21636
reference_id CVE-2024-21636
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21636
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2024-21636.yml
reference_id CVE-2024-21636.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2024-21636.yml
8
reference_url https://github.com/advisories/GHSA-wf2x-8w6j-qw37
reference_id GHSA-wf2x-8w6j-qw37
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf2x-8w6j-qw37
9
reference_url https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37
reference_id GHSA-wf2x-8w6j-qw37
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T21:13:15Z/
url https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37
fixed_packages
0
url pkg:gem/view_component@2.83.0
purl pkg:gem/view_component@2.83.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@2.83.0
1
url pkg:gem/view_component@3.9.0
purl pkg:gem/view_component@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@3.9.0
aliases CVE-2024-21636, GHSA-wf2x-8w6j-qw37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q6rr-gydj-vqgm
3
url VCID-yqwe-bqsh-yyhg
vulnerability_id VCID-yqwe-bqsh-yyhg
summary ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24722
reference_id
reference_type
scores
0
value 0.00735
scoring_system epss
scoring_elements 0.73337
published_at 2026-06-12T12:55:00Z
1
value 0.00735
scoring_system epss
scoring_elements 0.7326
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24722
1
reference_url https://github.com/github/view_component
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/view_component
2
reference_url https://github.com/github/view_component/commit/3f82a6e62578ff6f361aba24a1feb2caccf83ff9
reference_id 3f82a6e62578ff6f361aba24a1feb2caccf83ff9
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:32Z/
url https://github.com/github/view_component/commit/3f82a6e62578ff6f361aba24a1feb2caccf83ff9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24722
reference_id CVE-2022-24722
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24722
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2022-24722.yml
reference_id CVE-2022-24722.YML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2022-24722.yml
5
reference_url https://github.com/advisories/GHSA-cm9w-c4rj-r2cf
reference_id GHSA-cm9w-c4rj-r2cf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cm9w-c4rj-r2cf
6
reference_url https://github.com/github/view_component/security/advisories/GHSA-cm9w-c4rj-r2cf
reference_id GHSA-cm9w-c4rj-r2cf
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:32Z/
url https://github.com/github/view_component/security/advisories/GHSA-cm9w-c4rj-r2cf
7
reference_url https://github.com/github/view_component/releases/tag/v2.31.2
reference_id v2.31.2
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:32Z/
url https://github.com/github/view_component/releases/tag/v2.31.2
8
reference_url https://github.com/github/view_component/releases/tag/v2.49.1
reference_id v2.49.1
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:32Z/
url https://github.com/github/view_component/releases/tag/v2.49.1
fixed_packages
0
url pkg:gem/view_component@2.31.2
purl pkg:gem/view_component@2.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
2
vulnerability VCID-q6rr-gydj-vqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@2.31.2
1
url pkg:gem/view_component@2.49.1
purl pkg:gem/view_component@2.49.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3c4m-sbhc-4yb3
1
vulnerability VCID-bjbs-7tvw-augp
2
vulnerability VCID-q6rr-gydj-vqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@2.49.1
aliases CVE-2022-24722, GHSA-cm9w-c4rj-r2cf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yqwe-bqsh-yyhg
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/view_component@2.17.0