Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/969425?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/969425?format=api", "purl": "pkg:pypi/rucio-webui@1.24.1.post4", "type": "pypi", "namespace": "", "name": "rucio-webui", "version": "1.24.1.post4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "35.8.3", "latest_non_vulnerable_version": "39.3.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50361?format=api", "vulnerability_id": "VCID-ba98-9kr9-2qe5", "summary": "Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute\nA stored Cross-site Scripting (XSS) vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.\n\n---", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26009", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.259", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25957", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26003", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25736" }, { "reference_url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/" } ], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" }, { "reference_url": "https://github.com/rucio/rucio", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/35.8.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/35.8.3" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/38.5.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/38.5.4" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/39.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/39.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25736", "reference_id": "CVE-2026-25736", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25736" }, { "reference_url": "https://github.com/advisories/GHSA-fq4f-4738-rqxm", "reference_id": "GHSA-fq4f-4738-rqxm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq4f-4738-rqxm" }, { "reference_url": "https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm", "reference_id": "GHSA-fq4f-4738-rqxm", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/" } ], "url": "https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74249?format=api", "purl": "pkg:pypi/rucio-webui@35.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74250?format=api", "purl": "pkg:pypi/rucio-webui@38.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74251?format=api", "purl": "pkg:pypi/rucio-webui@39.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1" } ], "aliases": [ "CVE-2026-25736", "GHSA-fq4f-4738-rqxm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ba98-9kr9-2qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50388?format=api", "vulnerability_id": "VCID-cck3-675p-wfay", "summary": "Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name\nA stored Cross-site Scripting (XSS) vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.\n\n---", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.259", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25957", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26003", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26009", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25735" }, { "reference_url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" }, { "reference_url": "https://github.com/rucio/rucio", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/35.8.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/releases/tag/35.8.3" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/38.5.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/releases/tag/38.5.4" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/39.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/releases/tag/39.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25735", "reference_id": "CVE-2026-25735", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25735" }, { "reference_url": "https://github.com/advisories/GHSA-8wpv-6x3f-3rm5", "reference_id": "GHSA-8wpv-6x3f-3rm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wpv-6x3f-3rm5" }, { "reference_url": "https://github.com/rucio/rucio/security/advisories/GHSA-8wpv-6x3f-3rm5", "reference_id": "GHSA-8wpv-6x3f-3rm5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/security/advisories/GHSA-8wpv-6x3f-3rm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74249?format=api", "purl": "pkg:pypi/rucio-webui@35.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74250?format=api", "purl": "pkg:pypi/rucio-webui@38.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74251?format=api", "purl": "pkg:pypi/rucio-webui@39.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1" } ], "aliases": [ "CVE-2026-25735", "GHSA-8wpv-6x3f-3rm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cck3-675p-wfay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50372?format=api", "vulnerability_id": "VCID-errw-b3eq-hydt", "summary": "Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function\nA stored Cross-site Scripting (XSS) vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.\n\n---", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19873", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1994", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19983", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19988", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25733" }, { "reference_url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" }, { "reference_url": "https://github.com/rucio/rucio", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/35.8.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/releases/tag/35.8.3" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/38.5.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/releases/tag/38.5.4" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/39.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/releases/tag/39.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25733", "reference_id": "CVE-2026-25733", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25733" }, { "reference_url": "https://github.com/advisories/GHSA-rwj9-7j48-9f7q", "reference_id": "GHSA-rwj9-7j48-9f7q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwj9-7j48-9f7q" }, { "reference_url": "https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q", "reference_id": "GHSA-rwj9-7j48-9f7q", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74249?format=api", "purl": "pkg:pypi/rucio-webui@35.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74250?format=api", "purl": "pkg:pypi/rucio-webui@38.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74251?format=api", "purl": "pkg:pypi/rucio-webui@39.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1" } ], "aliases": [ "CVE-2026-25733", "GHSA-rwj9-7j48-9f7q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-errw-b3eq-hydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50383?format=api", "vulnerability_id": "VCID-hmt9-4bxz-9kau", "summary": "Rucio WebUI has a Reflected Cross-site Scripting Vulnerability\nA reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23742", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23627", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23681", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23727", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25136" }, { "reference_url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/" } ], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" }, { "reference_url": "https://github.com/rucio/rucio", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/35.8.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/35.8.3" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/38.5.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/38.5.4" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/39.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/39.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25136", "reference_id": "CVE-2026-25136", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25136" }, { "reference_url": "https://github.com/advisories/GHSA-h79m-5jjm-jm4q", "reference_id": "GHSA-h79m-5jjm-jm4q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h79m-5jjm-jm4q" }, { "reference_url": "https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q", "reference_id": "GHSA-h79m-5jjm-jm4q", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/" } ], "url": "https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74249?format=api", "purl": "pkg:pypi/rucio-webui@35.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74250?format=api", "purl": "pkg:pypi/rucio-webui@38.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74251?format=api", "purl": "pkg:pypi/rucio-webui@39.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1" } ], "aliases": [ "CVE-2026-25136", "GHSA-h79m-5jjm-jm4q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmt9-4bxz-9kau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50376?format=api", "vulnerability_id": "VCID-qnqm-pubz-hbh9", "summary": "Rucio WebUI has Username Enumeration via Login Error Message\nThe WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23101", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22988", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23043", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23088", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25138" }, { "reference_url": "https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/" } ], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages" }, { "reference_url": "https://github.com/rucio/rucio", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/35.8.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/35.8.3" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/38.5.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/38.5.4" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/39.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/39.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25138", "reference_id": "CVE-2026-25138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25138" }, { "reference_url": "https://github.com/advisories/GHSA-38wq-6q2w-hcf9", "reference_id": "GHSA-38wq-6q2w-hcf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38wq-6q2w-hcf9" }, { "reference_url": "https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9", "reference_id": "GHSA-38wq-6q2w-hcf9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/" } ], "url": "https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74249?format=api", "purl": "pkg:pypi/rucio-webui@35.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74250?format=api", "purl": "pkg:pypi/rucio-webui@38.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74251?format=api", "purl": "pkg:pypi/rucio-webui@39.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1" } ], "aliases": [ "CVE-2026-25138", "GHSA-38wq-6q2w-hcf9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnqm-pubz-hbh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50405?format=api", "vulnerability_id": "VCID-uv12-htb1-8ubh", "summary": "Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata\nA stored Cross-site Scripting (XSS) vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.\n\n---", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26009", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.259", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25957", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26003", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25734" }, { "reference_url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/" } ], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" }, { "reference_url": "https://github.com/rucio/rucio", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rucio/rucio" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/35.8.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/35.8.3" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/38.5.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/38.5.4" }, { "reference_url": "https://github.com/rucio/rucio/releases/tag/39.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/" } ], "url": "https://github.com/rucio/rucio/releases/tag/39.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25734", "reference_id": "CVE-2026-25734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25734" }, { "reference_url": "https://github.com/advisories/GHSA-h9fp-p2p9-873q", "reference_id": "GHSA-h9fp-p2p9-873q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h9fp-p2p9-873q" }, { "reference_url": "https://github.com/rucio/rucio/security/advisories/GHSA-h9fp-p2p9-873q", "reference_id": "GHSA-h9fp-p2p9-873q", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/" } ], "url": "https://github.com/rucio/rucio/security/advisories/GHSA-h9fp-p2p9-873q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74249?format=api", "purl": "pkg:pypi/rucio-webui@35.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74250?format=api", "purl": "pkg:pypi/rucio-webui@38.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74251?format=api", "purl": "pkg:pypi/rucio-webui@39.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1" } ], "aliases": [ "CVE-2026-25734", "GHSA-h9fp-p2p9-873q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv12-htb1-8ubh" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@1.24.1.post4" }