Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/civetweb@1.13%2Bdfsg-5?distro=trixie
Type deb
Namespace debian
Name civetweb
Version 1.13+dfsg-5
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.15+dfsg-1
Latest_non_vulnerable_version 1.16+dfsg-4
Affected_by_vulnerabilities
0
url VCID-ee9e-j9ah-5fc6
vulnerability_id VCID-ee9e-j9ah-5fc6
summary The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27304.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27304
reference_id
reference_type
scores
0
value 0.00995
scoring_system epss
scoring_elements 0.7728
published_at 2026-06-04T12:55:00Z
1
value 0.00995
scoring_system epss
scoring_elements 0.7731
published_at 2026-06-05T12:55:00Z
2
value 0.00995
scoring_system epss
scoring_elements 0.7732
published_at 2026-06-06T12:55:00Z
3
value 0.00995
scoring_system epss
scoring_elements 0.77309
published_at 2026-06-07T12:55:00Z
4
value 0.00995
scoring_system epss
scoring_elements 0.773
published_at 2026-06-08T12:55:00Z
5
value 0.00995
scoring_system epss
scoring_elements 0.77321
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27304
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2016640
reference_id 2016640
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2016640
4
reference_url https://access.redhat.com/errata/RHSA-2021:4902
reference_id RHSA-2021:4902
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4902
fixed_packages
0
url pkg:deb/debian/civetweb@1.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/civetweb@1.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.15%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/civetweb@1.15%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.15%2Bdfsg-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ng4g-9jxp-u3f2
1
vulnerability VCID-nmnu-s5c8-8bf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.15%252Bdfsg-4%3Fdistro=trixie
2
url pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-4%3Fdistro=trixie
aliases CVE-2020-27304
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ee9e-j9ah-5fc6
1
url VCID-ng4g-9jxp-u3f2
vulnerability_id VCID-ng4g-9jxp-u3f2
summary A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests. This issue was fixed in commit 782e189. This issue affects only the library; the standalone executable pre-built by the vendor is not affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9648.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9648.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-9648
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.77114
published_at 2026-06-08T12:55:00Z
1
value 0.00979
scoring_system epss
scoring_elements 0.77125
published_at 2026-06-05T12:55:00Z
2
value 0.00979
scoring_system epss
scoring_elements 0.77135
published_at 2026-06-09T12:55:00Z
3
value 0.00979
scoring_system epss
scoring_elements 0.77123
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-9648
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9648
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9648
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118285
reference_id 1118285
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118285
5
reference_url https://github.com/civetweb/civetweb/issues/1348
reference_id 1348
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T12:53:35Z/
url https://github.com/civetweb/civetweb/issues/1348
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400107
reference_id 2400107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400107
7
reference_url https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133
reference_id 782e18903515f43bafbf2e668994e82bdfa51133
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T12:53:35Z/
url https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133
8
reference_url https://github.com/civetweb/civetweb
reference_id civetweb
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T12:53:35Z/
url https://github.com/civetweb/civetweb
9
reference_url https://cert.pl/en/posts/2025/09/CVE-2025-9648
reference_id CVE-2025-9648
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T12:53:35Z/
url https://cert.pl/en/posts/2025/09/CVE-2025-9648
10
reference_url https://access.redhat.com/errata/RHSA-2025:21929
reference_id RHSA-2025:21929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21929
11
reference_url https://access.redhat.com/errata/RHSA-2025:22179
reference_id RHSA-2025:22179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22179
12
reference_url https://access.redhat.com/errata/RHSA-2025:23248
reference_id RHSA-2025:23248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23248
fixed_packages
0
url pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie
1
url pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-4%3Fdistro=trixie
aliases CVE-2025-9648
risk_score 3.9
exploitability 0.5
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ng4g-9jxp-u3f2
2
url VCID-nmnu-s5c8-8bf9
vulnerability_id VCID-nmnu-s5c8-8bf9
summary Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55763
reference_id
reference_type
scores
0
value 0.03251
scoring_system epss
scoring_elements 0.87392
published_at 2026-06-09T12:55:00Z
1
value 0.03251
scoring_system epss
scoring_elements 0.87386
published_at 2026-06-05T12:55:00Z
2
value 0.03251
scoring_system epss
scoring_elements 0.87383
published_at 2026-06-06T12:55:00Z
3
value 0.03251
scoring_system epss
scoring_elements 0.8738
published_at 2026-06-07T12:55:00Z
4
value 0.03251
scoring_system epss
scoring_elements 0.87379
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55763
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55763
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112507
reference_id 1112507
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112507
3
reference_url https://github.com/civetweb/civetweb
reference_id civetweb
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T17:04:53Z/
url https://github.com/civetweb/civetweb
4
reference_url https://github.com/krispybyte/CVE-2025-55763
reference_id CVE-2025-55763
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T17:04:53Z/
url https://github.com/krispybyte/CVE-2025-55763
fixed_packages
0
url pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie
1
url pkg:deb/debian/civetweb@1.16%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-3%3Fdistro=trixie
2
url pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-4%3Fdistro=trixie
aliases CVE-2025-55763
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmnu-s5c8-8bf9
Fixing_vulnerabilities
0
url VCID-aenh-kq75-nfg1
vulnerability_id VCID-aenh-kq75-nfg1
summary Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12684.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12684.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12684
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40486
published_at 2026-06-04T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40566
published_at 2026-06-05T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40568
published_at 2026-06-06T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.4054
published_at 2026-06-07T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.4051
published_at 2026-06-08T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40524
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12684
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595529
reference_id 1595529
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1595529
fixed_packages
0
url pkg:deb/debian/civetweb@0?distro=trixie
purl pkg:deb/debian/civetweb@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@0%3Fdistro=trixie
1
url pkg:deb/debian/civetweb@1.13%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/civetweb@1.13%2Bdfsg-5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ee9e-j9ah-5fc6
1
vulnerability VCID-ng4g-9jxp-u3f2
2
vulnerability VCID-nmnu-s5c8-8bf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.13%252Bdfsg-5%3Fdistro=trixie
2
url pkg:deb/debian/civetweb@1.15%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.15%2Bdfsg-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ng4g-9jxp-u3f2
1
vulnerability VCID-nmnu-s5c8-8bf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.15%252Bdfsg-4%3Fdistro=trixie
3
url pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-4%3Fdistro=trixie
aliases CVE-2018-12684
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aenh-kq75-nfg1
1
url VCID-nhk2-8j33-5qg5
vulnerability_id VCID-nhk2-8j33-5qg5
summary Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-5789
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.0423
published_at 2026-06-06T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04193
published_at 2026-06-08T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04219
published_at 2026-06-09T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04231
published_at 2026-06-05T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.0422
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-5789
1
reference_url https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb
reference_id search-path-without-quotes-civetweb
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:27:46Z/
url https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb
fixed_packages
0
url pkg:deb/debian/civetweb@0?distro=trixie
purl pkg:deb/debian/civetweb@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@0%3Fdistro=trixie
1
url pkg:deb/debian/civetweb@1.13%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/civetweb@1.13%2Bdfsg-5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ee9e-j9ah-5fc6
1
vulnerability VCID-ng4g-9jxp-u3f2
2
vulnerability VCID-nmnu-s5c8-8bf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.13%252Bdfsg-5%3Fdistro=trixie
2
url pkg:deb/debian/civetweb@1.15%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.15%2Bdfsg-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ng4g-9jxp-u3f2
1
vulnerability VCID-nmnu-s5c8-8bf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.15%252Bdfsg-4%3Fdistro=trixie
3
url pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/civetweb@1.16%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.16%252Bdfsg-4%3Fdistro=trixie
aliases CVE-2026-5789
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhk2-8j33-5qg5
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/civetweb@1.13%252Bdfsg-5%3Fdistro=trixie