Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-kekh-f74c-m7bt
Summary
Server-Side Request Forgery in calibreweb
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
Aliases
0
alias CVE-2022-0766
1
alias GHSA-2647-c639-qv2j
Fixed_packages
0
url pkg:pypi/calibreweb@0.6.17
purl pkg:pypi/calibreweb@0.6.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-bkzx-fvcv-t3g8
2
vulnerability VCID-gb1g-yf4f-tygr
3
vulnerability VCID-gwc3-dztv-37dw
4
vulnerability VCID-jcpd-2fkh-mkc1
5
vulnerability VCID-m8wg-f36t-pygt
6
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.17
Affected_packages
0
url pkg:pypi/calibreweb@0.6.12
purl pkg:pypi/calibreweb@0.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-c5yg-2q1m-qkf6
6
vulnerability VCID-g6g1-rcqv-wkdj
7
vulnerability VCID-gb1g-yf4f-tygr
8
vulnerability VCID-gwc3-dztv-37dw
9
vulnerability VCID-hsbf-rfcu-qyaq
10
vulnerability VCID-jcpd-2fkh-mkc1
11
vulnerability VCID-kekh-f74c-m7bt
12
vulnerability VCID-kswt-bt4h-nbdf
13
vulnerability VCID-m8wg-f36t-pygt
14
vulnerability VCID-mayx-3wtu-nkbp
15
vulnerability VCID-s28v-vbvy-3bgb
16
vulnerability VCID-xmnj-teby-fygk
17
vulnerability VCID-y3wa-7wgk-3khp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.12
1
url pkg:pypi/calibreweb@0.6.13
purl pkg:pypi/calibreweb@0.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-c5yg-2q1m-qkf6
6
vulnerability VCID-g6g1-rcqv-wkdj
7
vulnerability VCID-gb1g-yf4f-tygr
8
vulnerability VCID-gwc3-dztv-37dw
9
vulnerability VCID-hsbf-rfcu-qyaq
10
vulnerability VCID-jcpd-2fkh-mkc1
11
vulnerability VCID-kekh-f74c-m7bt
12
vulnerability VCID-kswt-bt4h-nbdf
13
vulnerability VCID-m8wg-f36t-pygt
14
vulnerability VCID-mayx-3wtu-nkbp
15
vulnerability VCID-s28v-vbvy-3bgb
16
vulnerability VCID-xmnj-teby-fygk
17
vulnerability VCID-y3wa-7wgk-3khp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.13
2
url pkg:pypi/calibreweb@0.6.14
purl pkg:pypi/calibreweb@0.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-c5yg-2q1m-qkf6
6
vulnerability VCID-g6g1-rcqv-wkdj
7
vulnerability VCID-gb1g-yf4f-tygr
8
vulnerability VCID-gwc3-dztv-37dw
9
vulnerability VCID-hsbf-rfcu-qyaq
10
vulnerability VCID-jcpd-2fkh-mkc1
11
vulnerability VCID-kekh-f74c-m7bt
12
vulnerability VCID-kswt-bt4h-nbdf
13
vulnerability VCID-m8wg-f36t-pygt
14
vulnerability VCID-mayx-3wtu-nkbp
15
vulnerability VCID-s28v-vbvy-3bgb
16
vulnerability VCID-xmnj-teby-fygk
17
vulnerability VCID-y3wa-7wgk-3khp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.14
3
url pkg:pypi/calibreweb@0.6.15
purl pkg:pypi/calibreweb@0.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-6z85-9d5x-nyaq
2
vulnerability VCID-9jsz-tc58-2ud8
3
vulnerability VCID-am1q-9mhn-c7fr
4
vulnerability VCID-bkzx-fvcv-t3g8
5
vulnerability VCID-g6g1-rcqv-wkdj
6
vulnerability VCID-gb1g-yf4f-tygr
7
vulnerability VCID-gwc3-dztv-37dw
8
vulnerability VCID-jcpd-2fkh-mkc1
9
vulnerability VCID-kekh-f74c-m7bt
10
vulnerability VCID-m8wg-f36t-pygt
11
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.15
4
url pkg:pypi/calibreweb@0.6.16
purl pkg:pypi/calibreweb@0.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xd2-y3tq-ckh8
1
vulnerability VCID-bkzx-fvcv-t3g8
2
vulnerability VCID-g6g1-rcqv-wkdj
3
vulnerability VCID-gb1g-yf4f-tygr
4
vulnerability VCID-gwc3-dztv-37dw
5
vulnerability VCID-jcpd-2fkh-mkc1
6
vulnerability VCID-kekh-f74c-m7bt
7
vulnerability VCID-m8wg-f36t-pygt
8
vulnerability VCID-s28v-vbvy-3bgb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/calibreweb@0.6.16
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0766
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52542
published_at 2026-06-04T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52563
published_at 2026-06-08T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52591
published_at 2026-06-07T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.5261
published_at 2026-06-06T12:55:00Z
4
value 0.00288
scoring_system epss
scoring_elements 0.52602
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0766
1
reference_url https://github.com/janeczku/calibre-web
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/janeczku/calibre-web
2
reference_url https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8
3
reference_url https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0766
reference_id CVE-2022-0766
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0766
5
reference_url https://github.com/advisories/GHSA-2647-c639-qv2j
reference_id GHSA-2647-c639-qv2j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2647-c639-qv2j
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Exploits
Severity_range_score9.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-kekh-f74c-m7bt