Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
Type deb
Namespace debian
Name npm
Version 11.12.1~ds1-2
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 11.12.1~ds1-3
Latest_non_vulnerable_version 11.12.1~ds1-4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1d95-8411-53f4
vulnerability_id VCID-1d95-8411-53f4
summary
Incorrect Permission Assignment for Critical Resource
This vulnerability might allow local users to bypass intended filesystem access restrictions because ownerships of `/etc` and `/usr` directories are being changed unexpectedly, related to a `correctMkdir` issue.
references
0
reference_url http://blog.npmjs.org/post/171169301000/v571
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.npmjs.org/post/171169301000/v571
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7408
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12714
published_at 2026-04-12T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12583
published_at 2026-04-18T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12653
published_at 2026-04-07T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12732
published_at 2026-04-08T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12783
published_at 2026-04-09T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12752
published_at 2026-04-11T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12666
published_at 2026-04-13T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12694
published_at 2026-04-01T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12572
published_at 2026-04-16T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12801
published_at 2026-04-02T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12849
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7408
2
reference_url https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0
3
reference_url https://github.com/npm/npm/issues/19883
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/issues/19883
4
reference_url https://security.archlinux.org/AVG-626
reference_id AVG-626
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-626
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7408
reference_id CVE-2018-7408
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7408
6
reference_url https://github.com/advisories/GHSA-ph34-pc88-72gc
reference_id GHSA-ph34-pc88-72gc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph34-pc88-72gc
fixed_packages
0
url pkg:deb/debian/npm@0?distro=trixie
purl pkg:deb/debian/npm@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@0%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2018-7408, GHSA-ph34-pc88-72gc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1d95-8411-53f4
1
url VCID-368z-yjtu-m3hc
vulnerability_id VCID-368z-yjtu-m3hc
summary
Insufficient Verification of Data Authenticity
This CVE has been marked as a False Positive as it only concerns the npm cli tool.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43616.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43616.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43616
reference_id
reference_type
scores
0
value 0.01851
scoring_system epss
scoring_elements 0.82937
published_at 2026-04-01T12:55:00Z
1
value 0.01851
scoring_system epss
scoring_elements 0.83039
published_at 2026-04-18T12:55:00Z
2
value 0.01851
scoring_system epss
scoring_elements 0.83004
published_at 2026-04-12T12:55:00Z
3
value 0.01851
scoring_system epss
scoring_elements 0.83
published_at 2026-04-13T12:55:00Z
4
value 0.01851
scoring_system epss
scoring_elements 0.82953
published_at 2026-04-02T12:55:00Z
5
value 0.01851
scoring_system epss
scoring_elements 0.82965
published_at 2026-04-04T12:55:00Z
6
value 0.01851
scoring_system epss
scoring_elements 0.82963
published_at 2026-04-07T12:55:00Z
7
value 0.01851
scoring_system epss
scoring_elements 0.82987
published_at 2026-04-08T12:55:00Z
8
value 0.01851
scoring_system epss
scoring_elements 0.82995
published_at 2026-04-09T12:55:00Z
9
value 0.01851
scoring_system epss
scoring_elements 0.83011
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43616
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43616
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43616
3
reference_url https://docs.npmjs.com/cli/v7/commands/npm-ci
reference_id
reference_type
scores
url https://docs.npmjs.com/cli/v7/commands/npm-ci
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/cli/issues/2701
reference_id
reference_type
scores
url https://github.com/npm/cli/issues/2701
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050282
reference_id 2050282
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2050282
7
reference_url https://security.archlinux.org/AVG-2554
reference_id AVG-2554
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2554
8
reference_url https://github.com/icatalina/CVE-2021-43616
reference_id CVE-2021-43616
reference_type
scores
url https://github.com/icatalina/CVE-2021-43616
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43616
reference_id CVE-2021-43616
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-43616
10
reference_url https://access.redhat.com/errata/RHSA-2022:4796
reference_id RHSA-2022:4796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4796
fixed_packages
0
url pkg:deb/debian/npm@8.4.1~ds-1?distro=trixie
purl pkg:deb/debian/npm@8.4.1~ds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@8.4.1~ds-1%3Fdistro=trixie
1
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
4
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2021-43616
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-368z-yjtu-m3hc
2
url VCID-9vk1-2ysq-3ygd
vulnerability_id VCID-9vk1-2ysq-3ygd
summary
UNIX Symbolic Link (Symlink) Following
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist which is included in npm v7.20.7. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39135.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39135.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39135
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43621
published_at 2026-04-18T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43507
published_at 2026-04-01T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43569
published_at 2026-04-02T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43596
published_at 2026-04-04T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43533
published_at 2026-04-07T12:55:00Z
5
value 0.00211
scoring_system epss
scoring_elements 0.43584
published_at 2026-04-08T12:55:00Z
6
value 0.00211
scoring_system epss
scoring_elements 0.43599
published_at 2026-04-09T12:55:00Z
7
value 0.00211
scoring_system epss
scoring_elements 0.43617
published_at 2026-04-11T12:55:00Z
8
value 0.00211
scoring_system epss
scoring_elements 0.43586
published_at 2026-04-12T12:55:00Z
9
value 0.00211
scoring_system epss
scoring_elements 0.43571
published_at 2026-04-13T12:55:00Z
10
value 0.00211
scoring_system epss
scoring_elements 0.43631
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39135
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39135
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39135
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist
6
reference_url https://www.npmjs.com/package/@npmcli/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@npmcli/arborist
7
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999745
reference_id 1999745
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999745
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993405
reference_id 993405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993405
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39135
reference_id CVE-2021-39135
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39135
11
reference_url https://github.com/advisories/GHSA-gmw6-94gg-2rc2
reference_id GHSA-gmw6-94gg-2rc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmw6-94gg-2rc2
12
reference_url https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
reference_id GHSA-gmw6-94gg-2rc2
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
13
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
fixed_packages
0
url pkg:deb/debian/npm@7.24.0%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.24.0%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.24.0%252Bds-2%3Fdistro=trixie
1
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
4
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2021-39135, GHSA-gmw6-94gg-2rc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vk1-2ysq-3ygd
3
url VCID-e2wc-na6c-c3cr
vulnerability_id VCID-e2wc-na6c-c3cr
summary
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15095
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27686
published_at 2026-04-18T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27803
published_at 2026-04-01T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27853
published_at 2026-04-02T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27894
published_at 2026-04-04T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27685
published_at 2026-04-07T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27753
published_at 2026-04-08T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27796
published_at 2026-04-09T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27802
published_at 2026-04-11T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.2776
published_at 2026-04-12T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27702
published_at 2026-04-13T12:55:00Z
10
value 0.001
scoring_system epss
scoring_elements 0.27712
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15095
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
8
reference_url https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
9
reference_url https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15095
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15095
13
reference_url https://security.gentoo.org/glsa/202101-07
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-07
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1856875
reference_id 1856875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1856875
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
reference_id 964746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
16
reference_url https://github.com/advisories/GHSA-93f3-23rq-pjfp
reference_id GHSA-93f3-23rq-pjfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93f3-23rq-pjfp
17
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
18
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
19
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
20
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
21
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
fixed_packages
0
url pkg:deb/debian/npm@6.14.6%2Bds-1?distro=trixie
purl pkg:deb/debian/npm@6.14.6%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@6.14.6%252Bds-1%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2020-15095, GHSA-93f3-23rq-pjfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2wc-na6c-c3cr
4
url VCID-fucn-8p7k-6qe8
vulnerability_id VCID-fucn-8p7k-6qe8
summary
Predictable temp filenames allow overwrite of arbitrary files
npm allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4116.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4116
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28362
published_at 2026-04-08T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.2832
published_at 2026-04-16T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28308
published_at 2026-04-13T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.28367
published_at 2026-04-12T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.28409
published_at 2026-04-11T12:55:00Z
5
value 0.00104
scoring_system epss
scoring_elements 0.2839
published_at 2026-04-01T12:55:00Z
6
value 0.00104
scoring_system epss
scoring_elements 0.28465
published_at 2026-04-02T12:55:00Z
7
value 0.00104
scoring_system epss
scoring_elements 0.28507
published_at 2026-04-04T12:55:00Z
8
value 0.00104
scoring_system epss
scoring_elements 0.28298
published_at 2026-04-07T12:55:00Z
9
value 0.00104
scoring_system epss
scoring_elements 0.28406
published_at 2026-04-09T12:55:00Z
10
value 0.00104
scoring_system epss
scoring_elements 0.28299
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4116
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=983917
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=983917
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4116
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/87141
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/87141
6
reference_url https://github.com/npm/npm
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm
7
reference_url https://github.com/npm/npm/commit/f4d31693
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/commit/f4d31693
8
reference_url https://github.com/npm/npm/issues/3635
reference_id
reference_type
scores
0
value 3.2
scoring_system cvssv3
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/issues/3635
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4116
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4116
10
reference_url https://www.npmjs.com/advisories/152
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/152
11
reference_url http://www.openwall.com/lists/oss-security/2013/07/10/17
reference_id
reference_type
scores
0
value 3.2
scoring_system cvssv3
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/07/10/17
12
reference_url http://www.openwall.com/lists/oss-security/2013/07/11/9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/07/11/9
13
reference_url http://www.securityfocus.com/bid/61083
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/61083
14
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/152.json
reference_id 152
reference_type
scores
0
value 3.2
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/152.json
15
reference_url https://github.com/advisories/GHSA-v3jv-wrf4-5845
reference_id GHSA-v3jv-wrf4-5845
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v3jv-wrf4-5845
fixed_packages
0
url pkg:deb/debian/npm@1.3.10~dfsg-1?distro=trixie
purl pkg:deb/debian/npm@1.3.10~dfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@1.3.10~dfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2013-4116, GHSA-v3jv-wrf4-5845
risk_score 1.4
exploitability 0.5
weighted_severity 2.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fucn-8p7k-6qe8
5
url VCID-k3gg-stck-7ydy
vulnerability_id VCID-k3gg-stck-7ydy
summary
Arbitrary File Write in npm
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. The CLI fails to prevent access to folders outside of the intended `node_modules` folder through the `bin` field. A properly constructed entry in the `package.json` `bin` field would allow a package publisher to create files on a user's system when the package is installed. It is only possible to affect files that the user running `npm install` has access to, and it is not possible to overwrite files that already exist on disk.

This behavior is still possible through install scripts. This vulnerability bypasses the `--ignore-scripts` install option, so using that option does not protect a user.

## Recommendation

Upgrade to version 6.13.3 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16775.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16775.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16775
reference_id
reference_type
scores
0
value 0.00684
scoring_system epss
scoring_elements 0.717
published_at 2026-04-18T12:55:00Z
1
value 0.00684
scoring_system epss
scoring_elements 0.71614
published_at 2026-04-01T12:55:00Z
2
value 0.00684
scoring_system epss
scoring_elements 0.7162
published_at 2026-04-02T12:55:00Z
3
value 0.00684
scoring_system epss
scoring_elements 0.71638
published_at 2026-04-04T12:55:00Z
4
value 0.00684
scoring_system epss
scoring_elements 0.71611
published_at 2026-04-07T12:55:00Z
5
value 0.00684
scoring_system epss
scoring_elements 0.71651
published_at 2026-04-08T12:55:00Z
6
value 0.00684
scoring_system epss
scoring_elements 0.71662
published_at 2026-04-09T12:55:00Z
7
value 0.00684
scoring_system epss
scoring_elements 0.71685
published_at 2026-04-11T12:55:00Z
8
value 0.00684
scoring_system epss
scoring_elements 0.71668
published_at 2026-04-12T12:55:00Z
9
value 0.00684
scoring_system epss
scoring_elements 0.7165
published_at 2026-04-13T12:55:00Z
10
value 0.00684
scoring_system epss
scoring_elements 0.71694
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16775
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
12
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
13
reference_url https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16775
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16775
17
reference_url https://www.npmjs.com/advisories/1434
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1434
18
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788305
reference_id 1788305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788305
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
22
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
23
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
0
url pkg:deb/debian/npm@6.13.4%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@6.13.4%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@6.13.4%252Bds-2%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2019-16775, GHSA-m6cx-g6qm-p2cx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3gg-stck-7ydy
6
url VCID-myru-vzn7-u7cf
vulnerability_id VCID-myru-vzn7-u7cf
summary
UNIX Symbolic Link (Symlink) Following
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39134.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39134.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39134
reference_id
reference_type
scores
0
value 0.00718
scoring_system epss
scoring_elements 0.72483
published_at 2026-04-18T12:55:00Z
1
value 0.00718
scoring_system epss
scoring_elements 0.72386
published_at 2026-04-01T12:55:00Z
2
value 0.00718
scoring_system epss
scoring_elements 0.72391
published_at 2026-04-02T12:55:00Z
3
value 0.00718
scoring_system epss
scoring_elements 0.72409
published_at 2026-04-04T12:55:00Z
4
value 0.00718
scoring_system epss
scoring_elements 0.72387
published_at 2026-04-07T12:55:00Z
5
value 0.00718
scoring_system epss
scoring_elements 0.72425
published_at 2026-04-08T12:55:00Z
6
value 0.00718
scoring_system epss
scoring_elements 0.72437
published_at 2026-04-09T12:55:00Z
7
value 0.00718
scoring_system epss
scoring_elements 0.7246
published_at 2026-04-11T12:55:00Z
8
value 0.00718
scoring_system epss
scoring_elements 0.72443
published_at 2026-04-12T12:55:00Z
9
value 0.00718
scoring_system epss
scoring_elements 0.72433
published_at 2026-04-13T12:55:00Z
10
value 0.00718
scoring_system epss
scoring_elements 0.72474
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39134
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39134
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39134
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist
6
reference_url https://www.npmjs.com/package/@npmcli/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@npmcli/arborist
7
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999744
reference_id 1999744
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999744
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993407
reference_id 993407
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993407
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39134
reference_id CVE-2021-39134
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39134
11
reference_url https://github.com/advisories/GHSA-2h3h-q99f-3fhc
reference_id GHSA-2h3h-q99f-3fhc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2h3h-q99f-3fhc
12
reference_url https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
reference_id GHSA-2h3h-q99f-3fhc
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
13
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
fixed_packages
0
url pkg:deb/debian/npm@7.24.0%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.24.0%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.24.0%252Bds-2%3Fdistro=trixie
1
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
4
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2021-39134, GHSA-2h3h-q99f-3fhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myru-vzn7-u7cf
7
url VCID-sz3c-y3nq-1qdc
vulnerability_id VCID-sz3c-y3nq-1qdc
summary
Exposure of Sensitive Information to an Unauthorized Actor
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
references
0
reference_url http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3956.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3956.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3956
reference_id
reference_type
scores
0
value 0.03208
scoring_system epss
scoring_elements 0.87039
published_at 2026-04-18T12:55:00Z
1
value 0.03208
scoring_system epss
scoring_elements 0.86967
published_at 2026-04-01T12:55:00Z
2
value 0.03208
scoring_system epss
scoring_elements 0.86977
published_at 2026-04-02T12:55:00Z
3
value 0.03208
scoring_system epss
scoring_elements 0.86996
published_at 2026-04-04T12:55:00Z
4
value 0.03208
scoring_system epss
scoring_elements 0.86989
published_at 2026-04-07T12:55:00Z
5
value 0.03208
scoring_system epss
scoring_elements 0.87009
published_at 2026-04-08T12:55:00Z
6
value 0.03208
scoring_system epss
scoring_elements 0.87017
published_at 2026-04-09T12:55:00Z
7
value 0.03208
scoring_system epss
scoring_elements 0.8703
published_at 2026-04-11T12:55:00Z
8
value 0.03208
scoring_system epss
scoring_elements 0.87025
published_at 2026-04-12T12:55:00Z
9
value 0.03208
scoring_system epss
scoring_elements 0.87019
published_at 2026-04-13T12:55:00Z
10
value 0.03208
scoring_system epss
scoring_elements 0.87035
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3956
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
6
reference_url https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
7
reference_url https://github.com/npm/npm/issues/8380
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/issues/8380
8
reference_url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016
9
reference_url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements
url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
10
reference_url https://www.npmjs.com/advisories/98
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/98
11
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21980827
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21980827
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1328413
reference_id 1328413
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1328413
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850322
reference_id 850322
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850322
14
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/98.json
reference_id 98
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/98.json
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*
reference_id cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*
76
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*
77
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*
78
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*
79
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*
80
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*
81
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*
82
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*
83
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*
84
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*
85
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*
86
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*
87
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*
88
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*
89
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*
90
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*
91
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
92
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
93
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
94
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
95
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
96
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
97
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
98
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
99
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
100
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
101
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*
102
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*
103
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*
104
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*
105
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*
106
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
107
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3956
reference_id CVE-2016-3956
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3956
108
reference_url https://github.com/advisories/GHSA-m5h6-hr3q-22h5
reference_id GHSA-m5h6-hr3q-22h5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m5h6-hr3q-22h5
109
reference_url https://usn.ubuntu.com/USN-4785-1/
reference_id USN-USN-4785-1
reference_type
scores
url https://usn.ubuntu.com/USN-4785-1/
fixed_packages
0
url pkg:deb/debian/npm@5.8.0%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@5.8.0%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@5.8.0%252Bds-2%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2016-3956, GHSA-m5h6-hr3q-22h5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz3c-y3nq-1qdc
8
url VCID-wb61-6cxb-5kfa
vulnerability_id VCID-wb61-6cxb-5kfa
summary
npm symlink reference outside of node_modules
Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the `node_modules` folder through the `bin` field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user’s system when the package is installed. Only files accessible by the user running the `npm install` are affected.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.3 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16776.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16776.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16776
reference_id
reference_type
scores
0
value 0.00783
scoring_system epss
scoring_elements 0.73698
published_at 2026-04-02T12:55:00Z
1
value 0.00783
scoring_system epss
scoring_elements 0.73787
published_at 2026-04-18T12:55:00Z
2
value 0.00783
scoring_system epss
scoring_elements 0.73779
published_at 2026-04-16T12:55:00Z
3
value 0.00783
scoring_system epss
scoring_elements 0.73689
published_at 2026-04-01T12:55:00Z
4
value 0.00783
scoring_system epss
scoring_elements 0.73737
published_at 2026-04-13T12:55:00Z
5
value 0.00783
scoring_system epss
scoring_elements 0.73746
published_at 2026-04-12T12:55:00Z
6
value 0.00783
scoring_system epss
scoring_elements 0.73764
published_at 2026-04-11T12:55:00Z
7
value 0.00783
scoring_system epss
scoring_elements 0.73742
published_at 2026-04-09T12:55:00Z
8
value 0.00783
scoring_system epss
scoring_elements 0.73729
published_at 2026-04-08T12:55:00Z
9
value 0.00783
scoring_system epss
scoring_elements 0.73694
published_at 2026-04-07T12:55:00Z
10
value 0.00783
scoring_system epss
scoring_elements 0.73722
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16776
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-x8qc-rrcw-4r46
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x8qc-rrcw-4r46
12
reference_url https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16776
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16776
16
reference_url https://www.npmjs.com/advisories/1436
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1436
17
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788310
reference_id 1788310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788310
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
20
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
21
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
0
url pkg:deb/debian/npm@6.13.4%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@6.13.4%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@6.13.4%252Bds-2%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2019-16776, GHSA-x8qc-rrcw-4r46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb61-6cxb-5kfa
9
url VCID-xja2-hbkk-cyc7
vulnerability_id VCID-xja2-hbkk-cyc7
summary
npm Vulnerable to Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations.

For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.

This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.4 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16777
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56299
published_at 2026-04-11T12:55:00Z
1
value 0.00334
scoring_system epss
scoring_elements 0.56274
published_at 2026-04-12T12:55:00Z
2
value 0.00334
scoring_system epss
scoring_elements 0.56283
published_at 2026-04-08T12:55:00Z
3
value 0.00334
scoring_system epss
scoring_elements 0.56288
published_at 2026-04-16T12:55:00Z
4
value 0.00334
scoring_system epss
scoring_elements 0.56231
published_at 2026-04-07T12:55:00Z
5
value 0.00334
scoring_system epss
scoring_elements 0.56251
published_at 2026-04-04T12:55:00Z
6
value 0.00334
scoring_system epss
scoring_elements 0.56232
published_at 2026-04-02T12:55:00Z
7
value 0.00334
scoring_system epss
scoring_elements 0.56121
published_at 2026-04-01T12:55:00Z
8
value 0.00334
scoring_system epss
scoring_elements 0.56256
published_at 2026-04-13T12:55:00Z
9
value 0.00334
scoring_system epss
scoring_elements 0.56289
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16777
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-4328-8hgf-7wjr
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4328-8hgf-7wjr
12
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
13
reference_url https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16777
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16777
17
reference_url https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202003-48
18
reference_url https://www.npmjs.com/advisories/1437
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1437
19
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788301
reference_id 1788301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788301
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
22
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
23
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
0
url pkg:deb/debian/npm@6.13.4%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@6.13.4%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@6.13.4%252Bds-2%3Fdistro=trixie
1
url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-368z-yjtu-m3hc
1
vulnerability VCID-9vk1-2ysq-3ygd
2
vulnerability VCID-myru-vzn7-u7cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie
2
url pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie
3
url pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie
4
url pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie
5
url pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie
6
url pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie
7
url pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie
aliases CVE-2019-16777, GHSA-4328-8hgf-7wjr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xja2-hbkk-cyc7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie