Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hkqm-uwa6-3qaz

Summary InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.

Aliases

alias	CVE-2025-62783

alias	GHSA-598q-jw82-5w66

Fixed_packages

url	pkg:maven/de.themoep/inventorygui@1.6.2-SNAPSHOT
purl	pkg:maven/de.themoep/inventorygui@1.6.2-SNAPSHOT
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/de.themoep/inventorygui@1.6.2-SNAPSHOT

Affected_packages

url pkg:maven/de.themoep/inventorygui@1.6.1-SNAPSHOT

purl pkg:maven/de.themoep/inventorygui@1.6.1-SNAPSHOT

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkqm-uwa6-3qaz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/de.themoep/inventorygui@1.6.1-SNAPSHOT

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62783

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03609
published_at	2026-06-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03594
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62783

reference_url

https://github.com/Phoenix616/InventoryGui

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Phoenix616/InventoryGui

reference_url

https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029

reference_id

27a52ef6d934a1c232e110e0010e4aa810c27029

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:31:23Z/

url

https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029

reference_url

https://github.com/Phoenix616/InventoryGui/issues/48

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:31:23Z/

url

https://github.com/Phoenix616/InventoryGui/issues/48

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62783

reference_id

CVE-2025-62783

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62783

reference_url

https://github.com/advisories/GHSA-598q-jw82-5w66

reference_id

GHSA-598q-jw82-5w66

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-598q-jw82-5w66

reference_url

https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66

reference_id

GHSA-598q-jw82-5w66

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:31:23Z/

url

https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66

Weaknesses

cwe_id	837
name	Improper Enforcement of a Single, Unique Action
description	The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.

cwe_id	754
name	Improper Check for Unusual or Exceptional Conditions
description	The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkqm-uwa6-3qaz

Vulnerability Instance