Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mg72-e4j7-4yax

Summary

Aliases

alias	CVE-2025-9231

Fixed_packages

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=aarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=aarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=armhf&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=armv7&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=armv7&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=loongarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=ppc64le&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=ppc64le&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=riscv64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=riscv64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=riscv64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=s390x&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=s390x&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=x86_64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=x86_64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=x86_64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.3.5-r0?arch=x86&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@3.3.5-r0?arch=x86&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.3.5-r0%3Farch=x86&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=aarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=armhf&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=armv7&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=loongarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=loongarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=loongarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=ppc64le&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=ppc64le&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=ppc64le&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=riscv64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=s390x&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=s390x&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=s390x&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86_64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86_64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=x86_64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=x86&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=aarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=armhf&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=armv7&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=armv7&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=loongarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=ppc64le&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=s390x&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=s390x&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86_64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=x86_64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.5.4-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.5.4-r0%3Farch=x86&distroversion=v3.23&reponame=main

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7y4x-nrsa-mbb3

vulnerability	VCID-a6ex-h8k7-8fbx

vulnerability	VCID-cccj-zqe2-1bbw

vulnerability	VCID-mnvc-6qng-ufbb

vulnerability	VCID-q64m-j51z-6fhu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cccj-zqe2-1bbw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.20-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/openssl-main@3.5.6-0.1?arch=hum1

purl pkg:rpm/redhat/openssl-main@3.5.6-0.1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2e7a-p1jj-93eu

vulnerability	VCID-3fzu-b8xk-gfa7

vulnerability	VCID-5cpy-4cch-uqhe

vulnerability	VCID-6c9t-f9wj-cbbs

vulnerability	VCID-7xw3-uquz-v7ek

vulnerability	VCID-7y4x-nrsa-mbb3

vulnerability	VCID-9u2f-m6r6-yqev

vulnerability	VCID-a6ex-h8k7-8fbx

vulnerability	VCID-bvz5-dj4f-gbbz

vulnerability	VCID-ecac-wyth-3fgd

vulnerability	VCID-f94y-yeah-y7cu

vulnerability	VCID-fpxe-6bps-eke6

vulnerability	VCID-hh45-myn6-83ex

vulnerability	VCID-m28e-hawn-wqhh

vulnerability	VCID-mg72-e4j7-4yax

vulnerability	VCID-mnvc-6qng-ufbb

vulnerability	VCID-pxab-d41r-m3c2

vulnerability	VCID-pxaj-7epr-pqbs

vulnerability	VCID-q64m-j51z-6fhu

vulnerability	VCID-q6ke-1n27-53f1

vulnerability	VCID-rkwm-zkyy-bbfu

vulnerability	VCID-xs57-nrgs-fka9

vulnerability	VCID-y7cx-fpjq-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl-main@3.5.6-0.1%3Farch=hum1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9231

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10525
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9231

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20250930.txt

reference_id

20250930.txt

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://openssl-library.org/news/secadv/20250930.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2396055
reference_id	2396055
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2396055

reference_url

https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe

reference_id

567f64386e43683888212226824b6a179885a0fe

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe

reference_url

https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698

reference_id

cba616c26ac8e7b37de5e77762e505ba5ca51698

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698

reference_url

https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4

reference_id

eed5adc9f969d77c94f213767acbb41ff923b6f4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4

reference_url

https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2

reference_id

fc47a2ec078912b3e914fab5734535e76c4820c2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7786-1/
reference_id	USN-7786-1
reference_type
scores
url	https://usn.ubuntu.com/7786-1/

Weaknesses

cwe_id	208
name	Observable Timing Discrepancy
description	Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

cwe_id	385
name	Covert Timing Channel
description	Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Exploits

Severity_range_score 5.3 - 6.5

Exploitability 0.5

Weighted_severity 5.3

Risk_score 2.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mg72-e4j7-4yax

Vulnerability Instance