Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4kgm-mmjn-g3a7

Summary The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

Aliases

alias	CVE-2016-10187

Fixed_packages

url pkg:deb/debian/calibre@2.75.1%2Bdfsg-1

purl pkg:deb/debian/calibre@2.75.1%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.75.1%252Bdfsg-1

url	pkg:deb/debian/calibre@2.75.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/calibre@2.75.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.75.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.5.0%2Bds%2B~0.10.5-1?distro=trixie
purl	pkg:deb/debian/calibre@9.5.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.5.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.8.0%2Bds%2B~0.10.5-1?distro=trixie
purl	pkg:deb/debian/calibre@9.8.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.8.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.8.0%2Bds%2B~0.10.5-5?distro=trixie
purl	pkg:deb/debian/calibre@9.8.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.8.0%252Bds%252B~0.10.5-5%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.8.0%2Bds%2B~0.10.6-1?distro=trixie
purl	pkg:deb/debian/calibre@9.8.0%2Bds%2B~0.10.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.8.0%252Bds%252B~0.10.6-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/calibre@0.7.7%2Bdfsg-1squeeze1

purl pkg:deb/debian/calibre@0.7.7%2Bdfsg-1squeeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uhd-3upf-nqbu

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-qsbr-up7k-kbcr

vulnerability	VCID-stnm-9pm7-gqbv

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@0.7.7%252Bdfsg-1squeeze1

url pkg:deb/debian/calibre@0.8.51%2Bdfsg1-0.1

purl pkg:deb/debian/calibre@0.8.51%2Bdfsg1-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uhd-3upf-nqbu

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-qsbr-up7k-kbcr

vulnerability	VCID-stnm-9pm7-gqbv

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@0.8.51%252Bdfsg1-0.1

url pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

purl pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@1.22.0%252Bdfsg1-1~bpo70%252B2

url pkg:deb/debian/calibre@2.5.0%2Bdfsg-1

purl pkg:deb/debian/calibre@2.5.0%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.5.0%252Bdfsg-1

url pkg:deb/debian/calibre@2.75.1%2Bdfsg-1~bpo8%2B1

purl pkg:deb/debian/calibre@2.75.1%2Bdfsg-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.75.1%252Bdfsg-1~bpo8%252B1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10187

reference_id

reference_type

scores

value	0.0039
scoring_system	epss
scoring_elements	0.60186
published_at	2026-05-14T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60097
published_at	2026-05-11T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60123
published_at	2026-05-12T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.59944
published_at	2026-04-01T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60022
published_at	2026-04-02T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60046
published_at	2026-04-04T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60016
published_at	2026-04-07T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60066
published_at	2026-04-08T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.6008
published_at	2026-05-07T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60101
published_at	2026-04-21T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60087
published_at	2026-04-26T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.6007
published_at	2026-04-13T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60108
published_at	2026-04-16T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60114
published_at	2026-04-18T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60071
published_at	2026-04-24T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60075
published_at	2026-04-29T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60033
published_at	2026-05-05T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60138
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10187

reference_url	https://bugs.launchpad.net/calibre/+bug/1651728
reference_id
reference_type
scores
url	https://bugs.launchpad.net/calibre/+bug/1651728

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10187

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c
reference_id
reference_type
scores
url	https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c

reference_url	http://www.openwall.com/lists/oss-security/2017/01/29/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/01/29/8

reference_url	http://www.openwall.com/lists/oss-security/2017/01/31/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/01/31/9

reference_url	http://www.securityfocus.com/bid/95909
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95909

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004
reference_id	853004
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:calibre-ebook:calibre::::::::
reference_id	cpe:2.3:a:calibre-ebook:calibre::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:calibre-ebook:calibre::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10187

reference_id

CVE-2016-10187

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10187

Weaknesses

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Exploits

Severity_range_score 4.3 - 5.5

Exploitability 0.5

Weighted_severity 5.0

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kgm-mmjn-g3a7

Vulnerability Instance