Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.opencastproject/opencast-common@12.9
Typemaven
Namespaceorg.opencastproject
Nameopencast-common
Version12.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version18.5
Latest_non_vulnerable_version18.5
Affected_by_vulnerabilities
0
url VCID-bn7h-rrh5-q3am
vulnerability_id VCID-bn7h-rrh5-q3am
summary Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers of users watching the prepared media. This can then be used to modify the site or to execute actions in the name of logged-in users. To inject malicious metadata, an attacker needs write access to the system. For example, the ability to upload media and modify metadata. This cannot be exploited by unauthenticated users. This issue is fixed in Opencast 17.8 and 18.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61788
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.25006
published_at 2026-06-11T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.25206
published_at 2026-06-12T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.26527
published_at 2026-06-13T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26514
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61788
1
reference_url https://github.com/opencast/opencast
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencast/opencast
2
reference_url https://github.com/opencast/opencast/commit/2809520fa88d108d8104c760f00c10bad42c14f9
reference_id 2809520fa88d108d8104c760f00c10bad42c14f9
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T18:26:03Z/
url https://github.com/opencast/opencast/commit/2809520fa88d108d8104c760f00c10bad42c14f9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61788
reference_id CVE-2025-61788
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61788
4
reference_url https://github.com/advisories/GHSA-m2vg-rmq6-p62r
reference_id GHSA-m2vg-rmq6-p62r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2vg-rmq6-p62r
5
reference_url https://github.com/opencast/opencast/security/advisories/GHSA-m2vg-rmq6-p62r
reference_id GHSA-m2vg-rmq6-p62r
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T18:26:03Z/
url https://github.com/opencast/opencast/security/advisories/GHSA-m2vg-rmq6-p62r
fixed_packages
0
url pkg:maven/org.opencastproject/opencast-common@18.5
purl pkg:maven/org.opencastproject/opencast-common@18.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.opencastproject/opencast-common@18.5
aliases CVE-2025-61788, GHSA-m2vg-rmq6-p62r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn7h-rrh5-q3am
1
url VCID-svjg-7bga-vyff
vulnerability_id VCID-svjg-7bga-vyff
summary Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54380
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.4064
published_at 2026-06-11T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40818
published_at 2026-06-14T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40808
published_at 2026-06-12T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40831
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54380
1
reference_url https://github.com/opencast/opencast
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencast/opencast
2
reference_url https://github.com/opencast/opencast/commit/2d3219113e2b9fadfb06443f5468b1c2157827a6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencast/opencast/commit/2d3219113e2b9fadfb06443f5468b1c2157827a6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54380
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54380
4
reference_url https://github.com/opencast/opencast/commit/e8980435342149375802648b9c9e696c9a5f0c9a
reference_id e8980435342149375802648b9c9e696c9a5f0c9a
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:59:53Z/
url https://github.com/opencast/opencast/commit/e8980435342149375802648b9c9e696c9a5f0c9a
5
reference_url https://github.com/opencast/opencast/security/advisories/GHSA-hcxx-mp6g-6gr9
reference_id GHSA-hcxx-mp6g-6gr9
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:59:53Z/
url https://github.com/opencast/opencast/security/advisories/GHSA-hcxx-mp6g-6gr9
6
reference_url https://github.com/advisories/GHSA-j63h-hmgw-x4j7
reference_id GHSA-j63h-hmgw-x4j7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j63h-hmgw-x4j7
7
reference_url https://github.com/opencast/opencast/security/advisories/GHSA-j63h-hmgw-x4j7
reference_id GHSA-j63h-hmgw-x4j7
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:59:53Z/
url https://github.com/opencast/opencast/security/advisories/GHSA-j63h-hmgw-x4j7
fixed_packages
0
url pkg:maven/org.opencastproject/opencast-common@17.6
purl pkg:maven/org.opencastproject/opencast-common@17.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.opencastproject/opencast-common@17.6
1
url pkg:maven/org.opencastproject/opencast-common@18.5
purl pkg:maven/org.opencastproject/opencast-common@18.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.opencastproject/opencast-common@18.5
aliases CVE-2025-54380, GHSA-j63h-hmgw-x4j7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svjg-7bga-vyff
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.opencastproject/opencast-common@12.9