Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/contao@5.4.0-RC2
Typecomposer
Namespacecontao
Namecontao
Version5.4.0-RC2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.6.1
Latest_non_vulnerable_version5.6.1
Affected_by_vulnerabilities
0
url VCID-afma-748j-uqae
vulnerability_id VCID-afma-748j-uqae
summary 
Contao can disclose sensitive information in the news module
If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23271
published_at 2026-06-05T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.2321
published_at 2026-06-07T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23256
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
1
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
reference_id CVE-2025-57757
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
5
reference_url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
fixed_packages
0
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57757, GHSA-w53m-gxvg-vx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afma-748j-uqae
1
url VCID-f1az-1ejn-53f7
vulnerability_id VCID-f1az-1ejn-53f7
summary 
Contao discloses sensitive information in the front end search index
Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20802
published_at 2026-06-05T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20745
published_at 2026-06-07T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20789
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
1
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
reference_id CVE-2025-57756
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
5
reference_url https://github.com/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
url https://github.com/advisories/GHSA-2xmj-8wmq-7475
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
fixed_packages
0
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57756, GHSA-2xmj-8wmq-7475
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1az-1ejn-53f7
2
url VCID-p4tq-y4en-57ag
vulnerability_id VCID-p4tq-y4en-57ag
summary 
Contao does not properly manage privileges for page and article fields
Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57759
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18361
published_at 2026-06-05T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18327
published_at 2026-06-07T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18365
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57759
1
reference_url https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:16:51Z/
url https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:16:51Z/
url https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57759
reference_id CVE-2025-57759
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57759
5
reference_url https://github.com/advisories/GHSA-qqfq-7cpp-hcqj
reference_id GHSA-qqfq-7cpp-hcqj
reference_type
scores
url https://github.com/advisories/GHSA-qqfq-7cpp-hcqj
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj
reference_id GHSA-qqfq-7cpp-hcqj
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:16:51Z/
url https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj
fixed_packages
0
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57759, GHSA-qqfq-7cpp-hcqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4tq-y4en-57ag
3
url VCID-rgvt-jwf2-9fbr
vulnerability_id VCID-rgvt-jwf2-9fbr
summary 
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-vqqr-fgmh-f626. This link is maintained to preserve external references.

## Original Description

Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted javascript to the target.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45965
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57233
published_at 2026-06-05T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57228
published_at 2026-06-07T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.57241
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45965
1
reference_url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/
url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:29:10Z/
url https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45965
reference_id CVE-2024-45965
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45965
5
reference_url https://github.com/advisories/GHSA-mrw8-5368-phm3
reference_id GHSA-mrw8-5368-phm3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrw8-5368-phm3
fixed_packages
0
url pkg:composer/contao/contao@5.4.2
purl pkg:composer/contao/contao@5.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-afma-748j-uqae
1
vulnerability VCID-f1az-1ejn-53f7
2
vulnerability VCID-p4tq-y4en-57ag
3
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.4.2
aliases CVE-2024-45965, GHSA-mrw8-5368-phm3
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgvt-jwf2-9fbr
4
url VCID-ycnh-mnst-duap
vulnerability_id VCID-ycnh-mnst-duap
summary 
Contao applies improper access control in the back end voters
The table access voter in the back end doesn't check if a user is allowed to access the corresponding module.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19591
published_at 2026-06-07T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19635
published_at 2026-06-06T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.1964
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
1
reference_url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
reference_id CVE-2025-57758
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
5
reference_url https://github.com/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
url https://github.com/advisories/GHSA-7m47-r75r-cx8v
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
fixed_packages
0
url pkg:composer/contao/contao@5.6.1
purl pkg:composer/contao/contao@5.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1
aliases CVE-2025-57758, GHSA-7m47-r75r-cx8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycnh-mnst-duap
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.4.0-RC2