Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.79

Type maven

Namespace com.liferay

Name com.liferay.portal.vulcan.impl

Version 5.0.79

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.127

Latest_non_vulnerable_version 5.0.127

Affected_by_vulnerabilities

url VCID-53r6-urqs-afes

vulnerability_id VCID-53r6-urqs-afes

summary Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing queries that return a large number of objects.

references

reference_url

http://github.com/liferay/liferay-portal/commit/8f7eb98e05a5ea6961346ecc21fd73e4b46bba99

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/liferay/liferay-portal/commit/8f7eb98e05a5ea6961346ecc21fd73e4b46bba99

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43796

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45644
published_at	2026-06-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45496
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43796

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/2e4adf041e31f3474a14c29b7c135693f6529400

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/2e4adf041e31f3474a14c29b7c135693f6529400

reference_url

https://github.com/liferay/liferay-portal/commit/2f74f23982fb03238f9b4ae145c33a9c1084f07e

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/2f74f23982fb03238f9b4ae145c33a9c1084f07e

reference_url

https://github.com/liferay/liferay-portal/commit/3780804b0d8f4f14bfca470a3e2e662bc6cef588

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/3780804b0d8f4f14bfca470a3e2e662bc6cef588

reference_url

https://github.com/liferay/liferay-portal/commit/8344aec3bebcd2ca409794523d5db5be6047c3dd

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/8344aec3bebcd2ca409794523d5db5be6047c3dd

reference_url

https://github.com/liferay/liferay-portal/commit/83e77963499d4d3e7cc82cc48e63c992f6f29a6d

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/83e77963499d4d3e7cc82cc48e63c992f6f29a6d

reference_url

https://github.com/liferay/liferay-portal/commit/8dda4adc0e9e7b6f82d4b3959592cad61640309b

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/8dda4adc0e9e7b6f82d4b3959592cad61640309b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43796

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43796

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43796

reference_id

CVE-2025-43796

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T19:27:21Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43796

reference_url	https://github.com/advisories/GHSA-f3hf-r62c-mfrj
reference_id	GHSA-f3hf-r62c-mfrj
reference_type
scores
url	https://github.com/advisories/GHSA-f3hf-r62c-mfrj

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.105

purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.105

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3n1-c81q-y7br

vulnerability	VCID-eng3-2741-47fm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.105

aliases CVE-2025-43796, GHSA-f3hf-r62c-mfrj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53r6-urqs-afes

url VCID-e3n1-c81q-y7br

vulnerability_id VCID-e3n1-c81q-y7br

summary Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43786

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.19719
published_at	2026-06-12T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19544
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43786

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/8f9728086bd61661437b0aa8493c83510914a474

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/8f9728086bd61661437b0aa8493c83510914a474

reference_url

https://github.com/liferay/liferay-portal/commit/e34499eab2ce1d544835835afe6733a78b4ab532

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e34499eab2ce1d544835835afe6733a78b4ab532

reference_url

https://github.com/liferay/liferay-portal/commit/e4a140d6d92e92911f08fe33051b677742531f19

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e4a140d6d92e92911f08fe33051b677742531f19

reference_url

https://liferay.atlassian.net/browse/LPE-18106

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18106

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43786

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43786

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786

reference_id

CVE-2025-43786

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-10T15:57:30Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786

reference_url	https://github.com/advisories/GHSA-9p7x-8c57-4pqv
reference_id	GHSA-9p7x-8c57-4pqv
reference_type
scores
url	https://github.com/advisories/GHSA-9p7x-8c57-4pqv

fixed_packages

url	pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.127
purl	pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.127
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.127

aliases CVE-2025-43786, GHSA-9p7x-8c57-4pqv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3n1-c81q-y7br

url VCID-eng3-2741-47fm

vulnerability_id VCID-eng3-2741-47fm

summary A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43816

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34091
published_at	2026-06-11T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34268
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43816

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.atlassian.net/browse/LPE-18005

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18005

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816

reference_id

CVE-2025-43816

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T17:38:55Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43816

reference_id

CVE-2025-43816

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43816

reference_url

https://github.com/advisories/GHSA-hrqm-qpw9-w8rv

reference_id

GHSA-hrqm-qpw9-w8rv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hrqm-qpw9-w8rv

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115

purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3n1-c81q-y7br

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115

aliases CVE-2025-43816, GHSA-hrqm-qpw9-w8rv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eng3-2741-47fm

url VCID-v1t7-ftn6-1bcw

vulnerability_id VCID-v1t7-ftn6-1bcw

summary Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3602

reference_id

reference_type

scores

value	0.00547
scoring_system	epss
scoring_elements	0.68378
published_at	2026-06-12T12:55:00Z

value	0.00547
scoring_system	epss
scoring_elements	0.6829
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3602

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/6c6dad38c9c891ad58cdee9deb2e35432d7e8816

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/6c6dad38c9c891ad58cdee9deb2e35432d7e8816

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-3602

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3602

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602

reference_id

CVE-2025-3602

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T14:29:39Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602

reference_url	https://github.com/advisories/GHSA-8c26-xm99-53w7
reference_id	GHSA-8c26-xm99-53w7
reference_type
scores
url	https://github.com/advisories/GHSA-8c26-xm99-53w7

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103

purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-53r6-urqs-afes

vulnerability	VCID-e3n1-c81q-y7br

vulnerability	VCID-eng3-2741-47fm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103

aliases CVE-2025-3602, GHSA-8c26-xm99-53w7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1t7-ftn6-1bcw

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.79

Package Instance