Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/openviking@0.2.16.dev9
Type pypi
Namespace
Name openviking
Version 0.2.16.dev9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.3.9
Latest_non_vulnerable_version 0.3.9
Affected_by_vulnerabilities
0
url VCID-49ck-nv4f-2qh6
vulnerability_id VCID-49ck-nv4f-2qh6
summary OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40525
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.3452
published_at 2026-06-11T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34701
published_at 2026-06-14T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34721
published_at 2026-06-13T12:55:00Z
3
value 0.00144
scoring_system epss
scoring_elements 0.34697
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40525
1
reference_url https://github.com/volcengine/OpenViking
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/volcengine/OpenViking
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40525
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40525
3
reference_url https://github.com/volcengine/OpenViking/pull/1447
reference_id 1447
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-20T13:37:40Z/
url https://github.com/volcengine/OpenViking/pull/1447
4
reference_url https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820
reference_id c7bb1676f4d037609f041bf39e4e2bd52e8f9820
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-20T13:37:40Z/
url https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820
5
reference_url https://github.com/advisories/GHSA-jgq2-vq69-gr6h
reference_id GHSA-jgq2-vq69-gr6h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgq2-vq69-gr6h
6
reference_url https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi
reference_id openviking-authentication-bypass-via-vikingbot-openapi
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-20T13:37:40Z/
url https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi
7
reference_url https://github.com/volcengine/OpenViking/releases/tag/v0.3.9
reference_id v0.3.9
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-20T13:37:40Z/
url https://github.com/volcengine/OpenViking/releases/tag/v0.3.9
fixed_packages
0
url pkg:pypi/openviking@0.3.9
purl pkg:pypi/openviking@0.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openviking@0.3.9
aliases CVE-2026-40525, GHSA-jgq2-vq69-gr6h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49ck-nv4f-2qh6
1
url VCID-aq14-8b5e-tbdm
vulnerability_id VCID-aq14-8b5e-tbdm
summary OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/{task_id} routes without authentication to expose task type, task status, resource identifiers, archive URIs, result payloads, and error information, potentially causing cross-tenant interference in multi-tenant deployments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22680
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.3075
published_at 2026-06-14T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.3594
published_at 2026-06-11T12:55:00Z
2
value 0.00154
scoring_system epss
scoring_elements 0.36143
published_at 2026-06-13T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.3612
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22680
1
reference_url https://github.com/volcengine/OpenViking
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/volcengine/OpenViking
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22680
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22680
3
reference_url https://github.com/volcengine/OpenViking/pull/1182
reference_id 1182
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T18:49:04Z/
url https://github.com/volcengine/OpenViking/pull/1182
4
reference_url https://github.com/volcengine/OpenViking/commit/8c1c3f3608364ee0bb0e45f73478771a68aebdf5
reference_id 8c1c3f3608364ee0bb0e45f73478771a68aebdf5
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T18:49:04Z/
url https://github.com/volcengine/OpenViking/commit/8c1c3f3608364ee0bb0e45f73478771a68aebdf5
5
reference_url https://github.com/advisories/GHSA-h336-2wxm-pr6q
reference_id GHSA-h336-2wxm-pr6q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h336-2wxm-pr6q
6
reference_url https://www.vulncheck.com/advisories/openviking-missing-authorization-via-task-polling
reference_id openviking-missing-authorization-via-task-polling
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T18:49:04Z/
url https://www.vulncheck.com/advisories/openviking-missing-authorization-via-task-polling
7
reference_url https://github.com/volcengine/OpenViking/releases/tag/v0.3.3
reference_id v0.3.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T18:49:04Z/
url https://github.com/volcengine/OpenViking/releases/tag/v0.3.3
fixed_packages
0
url pkg:pypi/openviking@0.3.3
purl pkg:pypi/openviking@0.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49ck-nv4f-2qh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openviking@0.3.3
aliases CVE-2026-22680, GHSA-h336-2wxm-pr6q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aq14-8b5e-tbdm
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openviking@0.2.16.dev9