Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/fava@1.13
Type pypi
Namespace
Name fava
Version 1.13
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.22.3
Latest_non_vulnerable_version 1.22.3
Affected_by_vulnerabilities
0
url VCID-3bav-gxx4-uyes
vulnerability_id VCID-3bav-gxx4-uyes
summary Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2523
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.556
published_at 2026-06-12T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.5548
published_at 2026-06-11T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55602
published_at 2026-06-14T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55615
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2523
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2523
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2523
2
reference_url https://github.com/beancount/fava
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava
3
reference_url https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-240.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-240.yaml
5
reference_url https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
reference_id 1016971
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2523
reference_id CVE-2022-2523
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2523
8
reference_url https://github.com/advisories/GHSA-q8hg-3vqv-f8v3
reference_id GHSA-q8hg-3vqv-f8v3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q8hg-3vqv-f8v3
fixed_packages
0
url pkg:pypi/fava@1.22.2
purl pkg:pypi/fava@1.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qbg1-taye-bqee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.2
aliases CVE-2022-2523, GHSA-q8hg-3vqv-f8v3, PYSEC-2022-240
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bav-gxx4-uyes
1
url VCID-qbg1-taye-bqee
vulnerability_id VCID-qbg1-taye-bqee
summary Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2589
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48246
published_at 2026-06-11T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48387
published_at 2026-06-14T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48402
published_at 2026-06-13T12:55:00Z
3
value 0.00247
scoring_system epss
scoring_elements 0.48384
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2589
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2589
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2589
2
reference_url https://github.com/beancount/fava
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava
3
reference_url https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-246.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-246.yaml
5
reference_url https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
reference_id 1016971
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2589
reference_id CVE-2022-2589
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2589
8
reference_url https://github.com/advisories/GHSA-6hcj-qrw3-m66q
reference_id GHSA-6hcj-qrw3-m66q
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6hcj-qrw3-m66q
fixed_packages
0
url pkg:pypi/fava@1.22.3
purl pkg:pypi/fava@1.22.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.3
aliases CVE-2022-2589, GHSA-6hcj-qrw3-m66q, PYSEC-2022-246
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbg1-taye-bqee
2
url VCID-rzyx-kfhm-ryaz
vulnerability_id VCID-rzyx-kfhm-ryaz
summary The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters verbatim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2514
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55602
published_at 2026-06-14T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55615
published_at 2026-06-13T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.5548
published_at 2026-06-11T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.556
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2514
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2514
2
reference_url https://github.com/beancount/fava
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava
3
reference_url https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-239.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-239.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-43182.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fava/PYSEC-2022-43182.yaml
6
reference_url https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
reference_id 1016971
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016971
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2514
reference_id CVE-2022-2514
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2514
9
reference_url https://github.com/advisories/GHSA-xrf4-39fm-j5f2
reference_id GHSA-xrf4-39fm-j5f2
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrf4-39fm-j5f2
fixed_packages
0
url pkg:pypi/fava@1.22.0
purl pkg:pypi/fava@1.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22.0
1
url pkg:pypi/fava@1.22
purl pkg:pypi/fava@1.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bav-gxx4-uyes
1
vulnerability VCID-qbg1-taye-bqee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.22
aliases CVE-2022-2514, GHSA-xrf4-39fm-j5f2, PYSEC-2022-239, PYSEC-2022-43182
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzyx-kfhm-ryaz
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fava@1.13