Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/contao@5.0.5
Typecomposer
Namespacecontao
Namecontao
Version5.0.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.38
Latest_non_vulnerable_version5.6.1
Affected_by_vulnerabilities
0
url VCID-9fgc-p6aq-vygh
vulnerability_id VCID-9fgc-p6aq-vygh
summary Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20744
published_at 2026-06-11T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.2092
published_at 2026-06-12T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.2094
published_at 2026-06-13T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.22213
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
3
reference_url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_id a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
4
reference_url https://github.com/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xmj-8wmq-7475
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
6
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
reference_id information-disclosure-in-the-front-end-search-index
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
fixed_packages
0
url pkg:composer/contao/contao@5.3.38
purl pkg:composer/contao/contao@5.3.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.3.38
1
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57756, GHSA-2xmj-8wmq-7475
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fgc-p6aq-vygh
1
url VCID-arpe-7th1-kuep
vulnerability_id VCID-arpe-7th1-kuep
summary Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45965
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57432
published_at 2026-06-14T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.5744
published_at 2026-06-13T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.57425
published_at 2026-06-12T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.57307
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45965
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
reference_id contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/
url https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
reference_id cross-site-scripting-through-svg-uploads
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/
url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45965
reference_id CVE-2024-45965
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45965
5
reference_url https://github.com/advisories/GHSA-mrw8-5368-phm3
reference_id GHSA-mrw8-5368-phm3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrw8-5368-phm3
fixed_packages
0
url pkg:composer/contao/contao@5.4.2
purl pkg:composer/contao/contao@5.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4s26-ndpg-jkcy
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-bmg9-saw6-efhd
3
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.4.2
aliases CVE-2024-45965, GHSA-mrw8-5368-phm3
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arpe-7th1-kuep
2
url VCID-bmg9-saw6-efhd
vulnerability_id VCID-bmg9-saw6-efhd
summary Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19632
published_at 2026-06-11T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19808
published_at 2026-06-12T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19825
published_at 2026-06-13T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.21166
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
3
reference_url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
reference_id 3f05c603e1c94d34819f837f060df5d66447d0d7
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
4
reference_url https://github.com/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m47-r75r-cx8v
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
6
reference_url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
reference_id improper-access-control-in-the-back-end-voters
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
fixed_packages
0
url pkg:composer/contao/contao@5.3.38
purl pkg:composer/contao/contao@5.3.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.3.38
1
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57758, GHSA-7m47-r75r-cx8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmg9-saw6-efhd
3
url VCID-w65y-66s4-qbgy
vulnerability_id VCID-w65y-66s4-qbgy
summary Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.232
published_at 2026-06-11T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23394
published_at 2026-06-12T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23406
published_at 2026-06-13T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24648
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
3
reference_url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
reference_id e75f46b11974fbf7a4652e65c19ad6ca84c59271
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
4
reference_url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
6
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
reference_id information-disclosure-in-the-news-module
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
fixed_packages
0
url pkg:composer/contao/contao@5.3.38
purl pkg:composer/contao/contao@5.3.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.3.38
1
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57757, GHSA-w53m-gxvg-vx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w65y-66s4-qbgy
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.0.5