Lookup for vulnerable packages by Package URL.

Purl pkg:composer/psy/psysh@0.1.9
Type composer
Namespace psy
Name psysh
Version 0.1.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.11.23
Latest_non_vulnerable_version 0.12.19
Affected_by_vulnerabilities
0
url VCID-3y1b-7rsj-vugy
vulnerability_id VCID-3y1b-7rsj-vugy
summary
PsySH has Local Privilege Escalation via CWD .psysh.php auto-load
PsySH automatically loads and executes a `.psysh.php` file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When the victim runs PsySH with elevated privileges (e.g., root), this results in local privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25129
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.0051
published_at 2026-06-06T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.00506
published_at 2026-06-09T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00502
published_at 2026-06-08T12:55:00Z
3
value 7e-05
scoring_system epss
scoring_elements 0.00507
published_at 2026-06-07T12:55:00Z
4
value 7e-05
scoring_system epss
scoring_elements 0.00509
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25129
1
reference_url https://github.com/bobthecow/psysh
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bobthecow/psysh
2
reference_url https://github.com/bobthecow/psysh/releases/tag/v0.11.23
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-02T15:44:26Z/
url https://github.com/bobthecow/psysh/releases/tag/v0.11.23
3
reference_url https://github.com/bobthecow/psysh/releases/tag/v0.12.19
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-02T15:44:26Z/
url https://github.com/bobthecow/psysh/releases/tag/v0.12.19
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25129
reference_id CVE-2026-25129
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25129
5
reference_url https://github.com/advisories/GHSA-4486-gxhx-5mg7
reference_id GHSA-4486-gxhx-5mg7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4486-gxhx-5mg7
6
reference_url https://github.com/bobthecow/psysh/security/advisories/GHSA-4486-gxhx-5mg7
reference_id GHSA-4486-gxhx-5mg7
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-02T15:44:26Z/
url https://github.com/bobthecow/psysh/security/advisories/GHSA-4486-gxhx-5mg7
fixed_packages
0
url pkg:composer/psy/psysh@0.11.23
purl pkg:composer/psy/psysh@0.11.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/psy/psysh@0.11.23
1
url pkg:composer/psy/psysh@0.12.19
purl pkg:composer/psy/psysh@0.12.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/psy/psysh@0.12.19
aliases CVE-2026-25129, GHSA-4486-gxhx-5mg7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y1b-7rsj-vugy
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/psy/psysh@0.1.9