Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40payloadcms/drizzle@3.0.2-canary.03cffa2
Type npm
Namespace @payloadcms
Name drizzle
Version 3.0.2-canary.03cffa2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.73.0
Latest_non_vulnerable_version 3.73.0
Affected_by_vulnerabilities
0
url VCID-m9an-nfpy-ayhe
vulnerability_id VCID-m9an-nfpy-ayhe
summary Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25544
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14304
published_at 2026-06-14T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14331
published_at 2026-06-13T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14212
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25544
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25544
reference_id CVE-2026-25544
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25544
2
reference_url https://github.com/advisories/GHSA-xx6w-jxg9-2wh8
reference_id GHSA-xx6w-jxg9-2wh8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx6w-jxg9-2wh8
3
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8
reference_id GHSA-xx6w-jxg9-2wh8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:22:49Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8
fixed_packages
0
url pkg:npm/%40payloadcms/drizzle@3.73.0
purl pkg:npm/%40payloadcms/drizzle@3.73.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540payloadcms/drizzle@3.73.0
aliases CVE-2026-25544, GHSA-xx6w-jxg9-2wh8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9an-nfpy-ayhe
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540payloadcms/drizzle@3.0.2-canary.03cffa2