Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1038012?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1038012?format=api", "purl": "pkg:deb/debian/nodejs@4.8.2~dfsg-1~bpo8%2B1", "type": "deb", "namespace": "debian", "name": "nodejs", "version": "4.8.2~dfsg-1~bpo8+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "20.19.2+dfsg-1", "latest_non_vulnerable_version": "20.19.2+dfsg-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81223?format=api", "vulnerability_id": "VCID-17k5-vadp-4kby", "summary": "nghttp2: overly large SETTINGS frames can lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.7299", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72893", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72934", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72948", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72973", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72955", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72949", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929", "reference_id": "1844929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929" }, { "reference_url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090", "reference_id": "336a98feb0d56b9ac54e12736b18785c27f75090", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145", "reference_id": "962145", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/", "reference_id": "AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4696", "reference_id": "dsa-4696", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4696" }, { "reference_url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394", "reference_id": "f8da73bd042f810f34d19f9eae02b46d870af394", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394" }, { "reference_url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr", "reference_id": "GHSA-q5wr-xfw9-q7xr", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2523", "reference_id": "RHSA-2020:2523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2524", "reference_id": "RHSA-2020:2524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2755", "reference_id": "RHSA-2020:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2784", "reference_id": "RHSA-2020:2784", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2823", "reference_id": "RHSA-2020:2823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2847", "reference_id": "RHSA-2020:2847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2848", "reference_id": "RHSA-2020:2848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2849", "reference_id": "RHSA-2020:2849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2850", "reference_id": "RHSA-2020:2850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2852", "reference_id": "RHSA-2020:2852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2895", "reference_id": "RHSA-2020:2895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3042", "reference_id": "RHSA-2020:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3084", "reference_id": "RHSA-2020:3084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3084" }, { "reference_url": "https://usn.ubuntu.com/6142-1/", "reference_id": "USN-6142-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6142-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2020-11080" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17k5-vadp-4kby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57383?format=api", "vulnerability_id": "VCID-1bhj-vafz-4ya8", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03643", "scoring_system": "epss", "scoring_elements": "0.87866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90195", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90211", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90217", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90175", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.9019", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661005", "reference_id": "1661005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661005" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-12122" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bhj-vafz-4ya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37577?format=api", "vulnerability_id": "VCID-2z1f-7jkw-17av", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60154", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60127", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60134", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60093", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60063", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347", "reference_id": "1068347", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347" }, { "reference_url": "https://hackerone.com/reports/2237099", "reference_id": "2237099", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-07T18:19:19Z/" } ], "url": "https://hackerone.com/reports/2237099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392", "reference_id": "2275392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392" }, { "reference_url": "https://security.archlinux.org/AVG-2852", "reference_id": "AVG-2852", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2852" }, { "reference_url": "https://security.archlinux.org/AVG-2853", "reference_id": "AVG-2853", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2853" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3545", "reference_id": "RHSA-2024:3545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4559", "reference_id": "RHSA-2024:4559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4559" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2024-27982" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2z1f-7jkw-17av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57385?format=api", "vulnerability_id": "VCID-3vdn-6af1-k3g6", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77992", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77975", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77957", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77948", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/106363", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013", "reference_id": "1591013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161", "reference_id": "CVE-2018-7161", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7161" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-6af1-k3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57389?format=api", "vulnerability_id": "VCID-4dhf-bpv6-a3e1", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87611", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87656", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87669", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87666", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87681", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367", "reference_id": "1800367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-15604" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dhf-bpv6-a3e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57387?format=api", "vulnerability_id": "VCID-4khc-2nz3-ckhr", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77805", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77785", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/104463", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104463" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591023", "reference_id": "1591023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591023" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7164", "reference_id": "CVE-2018-7164", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7164" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4khc-2nz3-ckhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34821?format=api", "vulnerability_id": "VCID-53xm-8w84-93cx", "summary": "Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55216", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55378", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55315", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55321", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55371", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55382", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988394", "reference_id": "1988394", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988394" }, { "reference_url": "https://security.archlinux.org/ASA-202108-1", "reference_id": "ASA-202108-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-1" }, { "reference_url": "https://security.archlinux.org/AVG-2239", "reference_id": "AVG-2239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2239" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-22930" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53xm-8w84-93cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13058?format=api", "vulnerability_id": "VCID-5cf7-va9h-h3gy", "summary": "Improper Certificate Validation\nAccepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22952", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22996", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22916", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22936", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22899", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22856", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1429694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1429694" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220325-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220325-0007/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2022/dsa-5170" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839", "reference_id": "2040839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "reference_id": "CVE-2021-44531", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-44531" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cf7-va9h-h3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62475?format=api", "vulnerability_id": "VCID-7tpb-9zrz-e7e1", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20041", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19768", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19848", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19901", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19911", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19782", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105422", "reference_id": "2105422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105422" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-32212" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-9zrz-e7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53859?format=api", "vulnerability_id": "VCID-8c4g-fjsa-nkhw", "summary": "llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields\nThe llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.97296", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97619", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97617", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb" }, { "reference_url": "https://hackerone.com/reports/1524692", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1524692" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428", "reference_id": "2105428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428" }, { "reference_url": "https://github.com/advisories/GHSA-q5vx-44v4-gch4", "reference_id": "GHSA-q5vx-44v4-gch4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5vx-44v4-gch4" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-32214", "GHSA-q5vx-44v4-gch4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34824?format=api", "vulnerability_id": "VCID-9g7s-y7nq-xfbb", "summary": "Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31612", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31653", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31607", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31689", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31693", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22939" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993039", "reference_id": "1993039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993039" }, { "reference_url": "https://security.archlinux.org/AVG-2283", "reference_id": "AVG-2283", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2283" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-22939" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g7s-y7nq-xfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45?format=api", "vulnerability_id": "VCID-9hzg-r1fj-pubf", "summary": "Excessive CPU usage in HTTP/2 with priority changes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91201", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91275", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91248", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.9125", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91221", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741", "reference_id": "1735741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "reference_id": "CVE-2019-9513", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-9513" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57393?format=api", "vulnerability_id": "VCID-9tvd-qsp8-byfx", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54291", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54411", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54372", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54316", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54363", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190502-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190502-0008/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690798", "reference_id": "1690798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690798" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5739", "reference_id": "CVE-2019-5739", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5739" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-5739" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tvd-qsp8-byfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57384?format=api", "vulnerability_id": "VCID-9v22-ened-4bg2", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89202", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89208", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661010", "reference_id": "1661010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661010" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-12123" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9v22-ened-4bg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62495?format=api", "vulnerability_id": "VCID-9yq7-aba3-c7c3", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18885", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18963", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19017", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18977", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18926", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22427", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32559" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739", "reference_id": "1050739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739" }, { "reference_url": "https://hackerone.com/reports/1946470", "reference_id": "1946470", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/" } ], "url": "https://hackerone.com/reports/1946470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230956", "reference_id": "2230956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230956" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231006-0006/", "reference_id": "ntap-20231006-0006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231006-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5360", "reference_id": "RHSA-2023:5360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5362", "reference_id": "RHSA-2023:5362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5363", "reference_id": "RHSA-2023:5363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5532", "reference_id": "RHSA-2023:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6822-1/", "reference_id": "USN-6822-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6822-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2023-32559" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-aba3-c7c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53933?format=api", "vulnerability_id": "VCID-b54b-pd2b-bygm", "summary": "llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding\nThe llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).\n\nImpacts:\n\n- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.\n- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99504", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.9956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99558", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99557", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32213" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb" }, { "reference_url": "https://hackerone.com/reports/1524555", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1524555" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430", "reference_id": "2105430", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430" }, { "reference_url": "https://github.com/advisories/GHSA-5689-v88g-g6rv", "reference_id": "GHSA-5689-v88g-g6rv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5689-v88g-g6rv" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-32213", "GHSA-5689-v88g-g6rv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37572?format=api", "vulnerability_id": "VCID-bx67-aud6-b3fa", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62515", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62483", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70457", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.7042", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70359", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559", "reference_id": "2270559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559" }, { "reference_url": "https://hackerone.com/reports/2284065", "reference_id": "2284065", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/" } ], "url": "https://hackerone.com/reports/2284065" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240517-0008/", "reference_id": "ntap-20240517-0008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240517-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4559", "reference_id": "RHSA-2024:4559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4721", "reference_id": "RHSA-2024:4721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4721" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2024-22025" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx67-aud6-b3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69900?format=api", "vulnerability_id": "VCID-c8xz-v6h3-6ueb", "summary": "nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71787", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71861", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71779", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71854", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71837", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71819", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363236", "reference_id": "2363236", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363236" }, { "reference_url": "https://github.com/nodejs/node-v0.x-archive/issues/4549", "reference_id": "4549", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://github.com/nodejs/node-v0.x-archive/issues/4549" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350", "reference_id": "bugreport.cgi?bug=1076350", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075", "reference_id": "bugreport.cgi?bug=922075", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892601", "reference_id": "show_bug.cgi?id=892601", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892601" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2025-47153" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8xz-v6h3-6ueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62479?format=api", "vulnerability_id": "VCID-dfdy-vhdd-5kh4", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88361", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.8832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88339", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88348", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1675191", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/" } ], "url": "https://hackerone.com/reports/1675191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518", "reference_id": "2130518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "reference_id": "CVE-2022-35256", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6963", "reference_id": "RHSA-2022:6963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6964", "reference_id": "RHSA-2022:6964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7821", "reference_id": "RHSA-2022:7821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0321", "reference_id": "RHSA-2023:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-35256" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdy-vhdd-5kh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25?format=api", "vulnerability_id": "VCID-dmv4-ydq9-a7eq", "summary": "Excessive CPU usage in HTTP/2 with small window updates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94283", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94339", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94313", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94302", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860", "reference_id": "1741860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "reference_id": "CVE-2019-9511", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-9511" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62473?format=api", "vulnerability_id": "VCID-e18p-c3m9-2qgy", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32731", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32897", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32718", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32765", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32792", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32771", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846", "reference_id": "2040846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-44532" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e18p-c3m9-2qgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37546?format=api", "vulnerability_id": "VCID-e6gj-fe31-kkh5", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79259", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.7926", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79232", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79236", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055", "reference_id": "1064055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569", "reference_id": "2264569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases", "reference_id": "february-2024-security-releases", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:40:41Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1503", "reference_id": "RHSA-2024:1503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1510", "reference_id": "RHSA-2024:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1880", "reference_id": "RHSA-2024:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1932", "reference_id": "RHSA-2024:1932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2023-46809" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gj-fe31-kkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62488?format=api", "vulnerability_id": "VCID-e7u5-356v-jbg7", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76373", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.7642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76445", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76418", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76459", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219842", "reference_id": "2219842", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219842" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6735-1/", "reference_id": "USN-6735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6735-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2023-30590" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7u5-356v-jbg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57381?format=api", "vulnerability_id": "VCID-f7ch-ze7a-d7gr", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69917", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69929", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.6997", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.7001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69981", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660998", "reference_id": "1660998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660998" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-12116" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ch-ze7a-d7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11561?format=api", "vulnerability_id": "VCID-gwyr-ac4e-dqfa", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43746", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43756", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43779", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1238709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1238709" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057", "reference_id": "2014057", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057" }, { "reference_url": "https://security.archlinux.org/ASA-202110-4", "reference_id": "ASA-202110-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-4" }, { "reference_url": "https://security.archlinux.org/AVG-2460", "reference_id": "AVG-2460", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959", "reference_id": "CVE-2021-22959", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5171", "reference_id": "RHSA-2021:5171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-22959" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82978?format=api", "vulnerability_id": "VCID-h8gu-1htb-u3fg", "summary": "nodejs: Debugger port 5858 listens on any interface by default", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.61938", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62041", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62077", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62087", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62109", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661016", "reference_id": "1661016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661016" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-12120" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8gu-1htb-u3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78661?format=api", "vulnerability_id": "VCID-hnjv-fp2r-vqfq", "summary": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26511", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26485", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26505", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834", "reference_id": "1031834", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217", "reference_id": "2172217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5395", "reference_id": "dsa-5395", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5395" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/", "reference_id": "february-2023-security-releases", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0008/", "reference_id": "ntap-20230316-0008", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1583", "reference_id": "RHSA-2023:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1743", "reference_id": "RHSA-2023:1743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1744", "reference_id": "RHSA-2023:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2655", "reference_id": "RHSA-2023:2655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6672-1/", "reference_id": "USN-6672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6672-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2023-23920" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnjv-fp2r-vqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84192?format=api", "vulnerability_id": "VCID-hu7c-gc8f-q3cm", "summary": "nodejs: Constant Hashtable Seeds vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59252", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59395", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5938", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59362", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59326", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59364", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59377", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59396", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475327", "reference_id": "1475327", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475327" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162", "reference_id": "868162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2908", "reference_id": "RHSA-2017:2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2908" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3002", "reference_id": "RHSA-2017:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2017-11499" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu7c-gc8f-q3cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57390?format=api", "vulnerability_id": "VCID-ke6j-fgys-gyga", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96807", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96828", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96832", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9684", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364", "reference_id": "1800364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467", "reference_id": "977467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0703", "reference_id": "RHSA-2020:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0707", "reference_id": "RHSA-2020:0707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0708", "reference_id": "RHSA-2020:0708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1510", "reference_id": "RHSA-2020:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1510" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-15605" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6j-fgys-gyga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13041?format=api", "vulnerability_id": "VCID-m5ae-uc68-d3g2", "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nThis advisory has been marked as a false positive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66171", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71033", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71076", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71096", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.7108", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71126", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71058", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1431042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1431042" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220325-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220325-0007/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2022/dsa-5170" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862", "reference_id": "2040862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "reference_id": "CVE-2022-21824", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-21824" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ae-uc68-d3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62480?format=api", "vulnerability_id": "VCID-m7rw-arzq-jba1", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68484", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68449", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.6848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68447", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518", "reference_id": "1023518", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911", "reference_id": "2140911", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/", "reference_id": "november-2022-security-releases", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230120-0004/", "reference_id": "ntap-20230120-0004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230120-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0007/", "reference_id": "ntap-20230427-0007", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8832", "reference_id": "RHSA-2022:8832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8833", "reference_id": "RHSA-2022:8833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0050", "reference_id": "RHSA-2023:0050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0321", "reference_id": "RHSA-2023:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0612", "reference_id": "RHSA-2023:0612", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0612" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-43548" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7rw-arzq-jba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62474?format=api", "vulnerability_id": "VCID-ms5y-gp7v-2qay", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61846", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.6192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.6195", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61969", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62008", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61997", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62019", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856", "reference_id": "2040856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-44533" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5y-gp7v-2qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55688?format=api", "vulnerability_id": "VCID-n66u-b73u-zucb", "summary": "golang.org/x/net/http vulnerable to a reset flood\nSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.\n\n### Specific Go Packages Affected\ngolang.org/x/net/http2", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2594", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2682", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2726", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2955", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2966", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3245", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3265", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4018", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4021", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4040", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4045", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4269", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4352", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92799", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.9281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92826", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92825", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "reference_url": "https://go.dev/cl/190137", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/190137" }, { "reference_url": "https://go.dev/issue/33606", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/33606" }, { "reference_url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ" }, { "reference_url": "https://kb.cert.org/vuls/id/605641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.cert.org/vuls/id/605641" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296" }, { "reference_url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0536", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0536" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/31" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/43" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Sep/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005" }, { "reference_url": "https://support.f5.com/csp/article/K01988340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K01988340" }, { "reference_url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4503", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4503" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4508" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4520" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667", "reference_id": "1062667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", "reference_id": "1735744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886", "reference_id": "934886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887", "reference_id": "934887", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887" }, { "reference_url": "https://security.archlinux.org/ASA-201908-15", "reference_id": "ASA-201908-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-15" }, { "reference_url": "https://security.archlinux.org/AVG-1021", "reference_id": "AVG-1021", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2817", "reference_id": "RHSA-2019:2817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/USN-4866-1/", "reference_id": "USN-USN-4866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-9514", "GHSA-39qc-96h7-956f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n66u-b73u-zucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48670?format=api", "vulnerability_id": "VCID-n91z-kugd-ebb5", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70267", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70297", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70273", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70372", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879311", "reference_id": "1879311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4272", "reference_id": "RHSA-2020:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4903", "reference_id": "RHSA-2020:4903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5086", "reference_id": "RHSA-2020:5086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2020-8201" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n91z-kugd-ebb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37580?format=api", "vulnerability_id": "VCID-nenk-4cgd-fugv", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98917", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98909", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98911", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98914", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98915", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27983" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347", "reference_id": "1068347", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764", "reference_id": "2272764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764" }, { "reference_url": "https://hackerone.com/reports/2319584", "reference_id": "2319584", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://hackerone.com/reports/2319584" }, { "reference_url": "https://security.archlinux.org/AVG-2852", "reference_id": "AVG-2852", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2852" }, { "reference_url": "https://security.archlinux.org/AVG-2853", "reference_id": "AVG-2853", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2853" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/", "reference_id": "JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0002/", "reference_id": "ntap-20240510-0002", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2937", "reference_id": "RHSA-2024:2937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3472", "reference_id": "RHSA-2024:3472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3544", "reference_id": "RHSA-2024:3544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3545", "reference_id": "RHSA-2024:3545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3553", "reference_id": "RHSA-2024:3553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4353", "reference_id": "RHSA-2024:4353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4824", "reference_id": "RHSA-2024:4824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4824" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/", "reference_id": "YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2024-27983" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nenk-4cgd-fugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83609?format=api", "vulnerability_id": "VCID-nkas-113k-wkbu", "summary": "nodejs: HTTP parser allowed for spaces inside Content-Length header values", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69108", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69213", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69202", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69195", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "reference_url": "https://support.f5.com/csp/article/K27228191?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K27228191?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981", "reference_id": "1561981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159", "reference_id": "CVE-2018-7159", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2258", "reference_id": "RHSA-2019:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7159" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkas-113k-wkbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62472?format=api", "vulnerability_id": "VCID-pqnn-ers1-3fec", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5038", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50512", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50484", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50465", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50472", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50507", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932024", "reference_id": "1932024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932024" }, { "reference_url": "https://security.archlinux.org/AVG-1604", "reference_id": "AVG-1604", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1604" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0734", "reference_id": "RHSA-2021:0734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0735", "reference_id": "RHSA-2021:0735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0738", "reference_id": "RHSA-2021:0738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0739", "reference_id": "RHSA-2021:0739", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0740", "reference_id": "RHSA-2021:0740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0741", "reference_id": "RHSA-2021:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0744", "reference_id": "RHSA-2021:0744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0827", "reference_id": "RHSA-2021:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0830", "reference_id": "RHSA-2021:0830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0831", "reference_id": "RHSA-2021:0831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0831" }, { "reference_url": "https://usn.ubuntu.com/6418-1/", "reference_id": "USN-6418-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6418-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-22884" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqnn-ers1-3fec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62471?format=api", "vulnerability_id": "VCID-q8th-849w-bfhp", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.9955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99545", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99546", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932014", "reference_id": "1932014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932014" }, { "reference_url": "https://security.archlinux.org/AVG-1604", "reference_id": "AVG-1604", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1604" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0734", "reference_id": "RHSA-2021:0734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0735", "reference_id": "RHSA-2021:0735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0738", "reference_id": "RHSA-2021:0738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0739", "reference_id": "RHSA-2021:0739", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0740", "reference_id": "RHSA-2021:0740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0741", "reference_id": "RHSA-2021:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0744", "reference_id": "RHSA-2021:0744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0827", "reference_id": "RHSA-2021:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0830", "reference_id": "RHSA-2021:0830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0831", "reference_id": "RHSA-2021:0831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0831" }, { "reference_url": "https://usn.ubuntu.com/6418-1/", "reference_id": "USN-6418-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6418-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-22883" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8th-849w-bfhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57386?format=api", "vulnerability_id": "VCID-r8jj-tkxd-5qg8", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77175", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.7712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.772", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/104468", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591018", "reference_id": "1591018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591018" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7162", "reference_id": "CVE-2018-7162", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7162" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8jj-tkxd-5qg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57388?format=api", "vulnerability_id": "VCID-rhxy-h93e-y3d4", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73298", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74277", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74239", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/106363", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006", "reference_id": "1591006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167", "reference_id": "CVE-2018-7167", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7167" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxy-h93e-y3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11473?format=api", "vulnerability_id": "VCID-tnhd-rr89-9udh", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45642", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45779", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45751", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45721", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45733", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1238099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1238099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059", "reference_id": "2014059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059" }, { "reference_url": "https://security.archlinux.org/ASA-202110-4", "reference_id": "ASA-202110-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-4" }, { "reference_url": "https://security.archlinux.org/AVG-2460", "reference_id": "AVG-2460", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960", "reference_id": "CVE-2021-22960", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5171", "reference_id": "RHSA-2021:5171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2021-22960" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57380?format=api", "vulnerability_id": "VCID-tqg7-dw5d-z3et", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73956", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73959", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74007", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74043", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219", "reference_id": "1620219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2552", "reference_id": "RHSA-2018:2552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2553", "reference_id": "RHSA-2018:2553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2944", "reference_id": "RHSA-2018:2944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-12115" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqg7-dw5d-z3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14481?format=api", "vulnerability_id": "VCID-u8pe-48f4-abc9", "summary": "Authentication Bypass by Spoofing\nThe Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81177", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81075", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81136", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81142", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.8116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.8114", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "reference_url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979", "reference_id": "1561979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160", "reference_id": "CVE-2018-7160", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160" }, { "reference_url": "https://github.com/advisories/GHSA-wq4c-wm6x-jw44", "reference_id": "GHSA-wq4c-wm6x-jw44", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq4c-wm6x-jw44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7160", "GHSA-wq4c-wm6x-jw44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8pe-48f4-abc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57392?format=api", "vulnerability_id": "VCID-us11-vy4j-pfd2", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1821" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96272", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96307", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.9631", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.963", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190502-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190502-0008/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690808", "reference_id": "1690808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690808" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737", "reference_id": "CVE-2019-5737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-5737" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us11-vy4j-pfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83608?format=api", "vulnerability_id": "VCID-usab-z8q8-7qd8", "summary": "nodejs: path module regular expression denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79394", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.7947", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79424", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79447", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561980", "reference_id": "1561980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561980" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7158", "reference_id": "CVE-2018-7158", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7158" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-7158" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usab-z8q8-7qd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37562?format=api", "vulnerability_id": "VCID-vkvx-gxbu-3uau", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59524", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59475", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.5949", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.5945", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055", "reference_id": "1064055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055" }, { "reference_url": "https://hackerone.com/reports/2233486", "reference_id": "2233486", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/" } ], "url": "https://hackerone.com/reports/2233486" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574", "reference_id": "2264574", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240315-0004/", "reference_id": "ntap-20240315-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240315-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1354", "reference_id": "RHSA-2024:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1424", "reference_id": "RHSA-2024:1424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1438", "reference_id": "RHSA-2024:1438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1444", "reference_id": "RHSA-2024:1444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1503", "reference_id": "RHSA-2024:1503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1510", "reference_id": "RHSA-2024:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1678", "reference_id": "RHSA-2024:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1880", "reference_id": "RHSA-2024:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1932", "reference_id": "RHSA-2024:1932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2651", "reference_id": "RHSA-2024:2651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2793", "reference_id": "RHSA-2024:2793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2024-22019" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkvx-gxbu-3uau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31261?format=api", "vulnerability_id": "VCID-wf5t-3pwz-c7d7", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3744", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37452", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37466", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37404", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38068", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134", "reference_id": "1094134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618", "reference_id": "2342618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "reference_url": "https://security.gentoo.org/glsa/202506-08", "reference_id": "GLSA-202506-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-08" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "reference_id": "january-2025-security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1351", "reference_id": "RHSA-2025:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1443", "reference_id": "RHSA-2025:1443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1446", "reference_id": "RHSA-2025:1446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1582", "reference_id": "RHSA-2025:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1611", "reference_id": "RHSA-2025:1611", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1611" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1613", "reference_id": "RHSA-2025:1613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1613" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994766?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1" } ], "aliases": [ "CVE-2025-23085" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57391?format=api", "vulnerability_id": "VCID-wpfq-sq11-fqa9", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79948", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79976", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79965", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80022", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80027", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366", "reference_id": "1800366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2019-15606" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfq-sq11-fqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62476?format=api", "vulnerability_id": "VCID-wzcw-dd7m-zkaz", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87391", "scoring_system": "epss", "scoring_elements": "0.99459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.9951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99513", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1501679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1501679" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105426", "reference_id": "2105426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105426" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215", "reference_id": "CVE-2022-32215", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-32215" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcw-dd7m-zkaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48668?format=api", "vulnerability_id": "VCID-xeay-8ec9-4bdd", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.80994", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81003", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81027", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81053", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.8106", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81078", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81094", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256", "reference_id": "1845256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145", "reference_id": "962145", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2847", "reference_id": "RHSA-2020:2847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2848", "reference_id": "RHSA-2020:2848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2849", "reference_id": "RHSA-2020:2849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2852", "reference_id": "RHSA-2020:2852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2895", "reference_id": "RHSA-2020:2895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3042", "reference_id": "RHSA-2020:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3084", "reference_id": "RHSA-2020:3084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3084" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2020-8174" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xeay-8ec9-4bdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62478?format=api", "vulnerability_id": "VCID-xnzh-wpd4-63f9", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78841", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78812", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78844", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78868", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78869", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1690000", "reference_id": "1690000", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/" } ], "url": "https://hackerone.com/reports/1690000" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130517", "reference_id": "2130517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130517" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230113-0002/", "reference_id": "ntap-20230113-0002", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230113-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6963", "reference_id": "RHSA-2022:6963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6964", "reference_id": "RHSA-2022:6964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7821", "reference_id": "RHSA-2022:7821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7821" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2022-35255" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnzh-wpd4-63f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48673?format=api", "vulnerability_id": "VCID-zj4d-e8r7-ufg3", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93694", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.9375", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93727", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93732", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93726", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690", "reference_id": "1016690", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912863", "reference_id": "1912863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912863" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364", "reference_id": "979364", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364" }, { "reference_url": "https://security.archlinux.org/ASA-202101-16", "reference_id": "ASA-202101-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-16" }, { "reference_url": "https://security.archlinux.org/AVG-1400", "reference_id": "AVG-1400", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0485", "reference_id": "RHSA-2021:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0521", "reference_id": "RHSA-2021:0521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0548", "reference_id": "RHSA-2021:0548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0549", "reference_id": "RHSA-2021:0549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/5563-1/", "reference_id": "USN-5563-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5563-1/" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2020-8287" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj4d-e8r7-ufg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57382?format=api", "vulnerability_id": "VCID-zrbm-htvv-eke9", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06647", "scoring_system": "epss", "scoring_elements": "0.91228", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92321", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92334", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92338", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92349", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92361", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661002", "reference_id": "1661002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2258", "reference_id": "RHSA-2019:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3497", "reference_id": "RHSA-2019:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3497" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" } ], "aliases": [ "CVE-2018-12121" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbm-htvv-eke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18167?format=api", "vulnerability_id": "VCID-zstw-3wmu-u3c8", "summary": "llhttp vulnerable to HTTP request smuggling\nThe llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).\n\nThe CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83348", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83323", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83317", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83276", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83308", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp" }, { "reference_url": "https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1" }, { "reference_url": "https://hackerone.com/reports/2001873", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/2001873" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230803-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230803-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219841", "reference_id": "2219841", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219841" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30589", "reference_id": "CVE-2023-30589", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30589" }, { "reference_url": "https://github.com/advisories/GHSA-cggh-pq45-6h9x", "reference_id": "GHSA-cggh-pq45-6h9x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cggh-pq45-6h9x" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6735-1/", "reference_id": "USN-6735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6735-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994761?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1" } ], "aliases": [ "CVE-2023-30589", "GHSA-cggh-pq45-6h9x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48672?format=api", "vulnerability_id": "VCID-ztt4-vnk7-7ycq", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73197", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73291", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73255", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73207", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73228", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73251", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73276", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912854", "reference_id": "1912854", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912854" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364", "reference_id": "979364", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364" }, { "reference_url": "https://security.archlinux.org/ASA-202101-16", "reference_id": "ASA-202101-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-16" }, { "reference_url": "https://security.archlinux.org/AVG-1400", "reference_id": "AVG-1400", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0485", "reference_id": "RHSA-2021:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0521", "reference_id": "RHSA-2021:0521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0548", "reference_id": "RHSA-2021:0548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0549", "reference_id": "RHSA-2021:0549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038014?format=api", "purl": "pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-53xm-8w84-93cx" }, { "vulnerability": "VCID-5cf7-va9h-h3gy" }, { "vulnerability": "VCID-7tpb-9zrz-e7e1" }, { "vulnerability": "VCID-8c4g-fjsa-nkhw" }, { "vulnerability": "VCID-9g7s-y7nq-xfbb" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-b54b-pd2b-bygm" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dfdy-vhdd-5kh4" }, { "vulnerability": "VCID-e18p-c3m9-2qgy" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-gwyr-ac4e-dqfa" }, { "vulnerability": "VCID-hnjv-fp2r-vqfq" }, { "vulnerability": "VCID-m5ae-uc68-d3g2" }, { "vulnerability": "VCID-m7rw-arzq-jba1" }, { "vulnerability": "VCID-ms5y-gp7v-2qay" }, { "vulnerability": "VCID-n91z-kugd-ebb5" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-pqnn-ers1-3fec" }, { "vulnerability": "VCID-q8th-849w-bfhp" }, { "vulnerability": "VCID-tnhd-rr89-9udh" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-wzcw-dd7m-zkaz" }, { "vulnerability": "VCID-xnzh-wpd4-63f9" }, { "vulnerability": "VCID-zj4d-e8r7-ufg3" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" }, { "vulnerability": "VCID-ztt4-vnk7-7ycq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994760?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-2z1f-7jkw-17av" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-9yq7-aba3-c7c3" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-bx67-aud6-b3fa" }, { "vulnerability": "VCID-c8xz-v6h3-6ueb" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-e6gj-fe31-kkh5" }, { "vulnerability": "VCID-e7u5-356v-jbg7" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-nenk-4cgd-fugv" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-vkvx-gxbu-3uau" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-zstw-3wmu-u3c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4" } ], "aliases": [ "CVE-2020-8265" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztt4-vnk7-7ycq" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.8.2~dfsg-1~bpo8%252B1" }