Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/contao@4.13.51

Type composer

Namespace contao

Name contao

Version 4.13.51

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.13.56

Latest_non_vulnerable_version 5.6.1

Affected_by_vulnerabilities

url VCID-f1az-1ejn-53f7

vulnerability_id VCID-f1az-1ejn-53f7

summary

Contao discloses sensitive information in the front end search index
Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-57756

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20802
published_at	2026-06-05T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20675
published_at	2026-06-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20745
published_at	2026-06-07T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20789
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-57756

reference_url

https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/

url

https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index

reference_url

https://github.com/contao/contao

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao

reference_url

https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/

url

https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-57756

reference_id

CVE-2025-57756

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-57756

reference_url	https://github.com/advisories/GHSA-2xmj-8wmq-7475
reference_id	GHSA-2xmj-8wmq-7475
reference_type
scores
url	https://github.com/advisories/GHSA-2xmj-8wmq-7475

reference_url

https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475

reference_id

GHSA-2xmj-8wmq-7475

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/

url

https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475

fixed_packages

url	pkg:composer/contao/contao@4.13.56
purl	pkg:composer/contao/contao@4.13.56
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.13.56

url	pkg:composer/contao/contao@5.3.38
purl	pkg:composer/contao/contao@5.3.38
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.3.38

url	pkg:composer/contao/contao@5.6.1
purl	pkg:composer/contao/contao@5.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@5.6.1

aliases CVE-2025-57756, GHSA-2xmj-8wmq-7475

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1az-1ejn-53f7

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.13.51

Package Instance