Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1?arch=el7
Typerpm
Namespaceredhat
Namerh-nodejs10-nodejs
Version10.19.0-1
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4dhf-bpv6-a3e1
vulnerability_id VCID-4dhf-bpv6-a3e1
summary 
Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15604
reference_id
reference_type
scores
0
value 0.03533
scoring_system epss
scoring_elements 0.87611
published_at 2026-04-01T12:55:00Z
1
value 0.03533
scoring_system epss
scoring_elements 0.87621
published_at 2026-04-02T12:55:00Z
2
value 0.03533
scoring_system epss
scoring_elements 0.87634
published_at 2026-04-04T12:55:00Z
3
value 0.03533
scoring_system epss
scoring_elements 0.87636
published_at 2026-04-07T12:55:00Z
4
value 0.03533
scoring_system epss
scoring_elements 0.87656
published_at 2026-04-08T12:55:00Z
5
value 0.03533
scoring_system epss
scoring_elements 0.87662
published_at 2026-04-09T12:55:00Z
6
value 0.03533
scoring_system epss
scoring_elements 0.87673
published_at 2026-04-11T12:55:00Z
7
value 0.03533
scoring_system epss
scoring_elements 0.87669
published_at 2026-04-12T12:55:00Z
8
value 0.03533
scoring_system epss
scoring_elements 0.87666
published_at 2026-04-13T12:55:00Z
9
value 0.03533
scoring_system epss
scoring_elements 0.87681
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15604
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800367
reference_id 1800367
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800367
9
reference_url https://access.redhat.com/errata/RHSA-2020:0598
reference_id RHSA-2020:0598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0598
10
reference_url https://usn.ubuntu.com/6380-1/
reference_id USN-6380-1
reference_type
scores
url https://usn.ubuntu.com/6380-1/
fixed_packages
aliases CVE-2019-15604
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dhf-bpv6-a3e1
1
url VCID-k3gg-stck-7ydy
vulnerability_id VCID-k3gg-stck-7ydy
summary 
Arbitrary File Write in npm
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user's system when the package is installed. It is only possible to affect files that the user running `npm install` has access to and it is not possible to over write files that already exist on disk.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.3 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16775.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16775.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16775
reference_id
reference_type
scores
0
value 0.00684
scoring_system epss
scoring_elements 0.71694
published_at 2026-04-16T12:55:00Z
1
value 0.00684
scoring_system epss
scoring_elements 0.71614
published_at 2026-04-01T12:55:00Z
2
value 0.00684
scoring_system epss
scoring_elements 0.7162
published_at 2026-04-02T12:55:00Z
3
value 0.00684
scoring_system epss
scoring_elements 0.71638
published_at 2026-04-04T12:55:00Z
4
value 0.00684
scoring_system epss
scoring_elements 0.71611
published_at 2026-04-07T12:55:00Z
5
value 0.00684
scoring_system epss
scoring_elements 0.71651
published_at 2026-04-08T12:55:00Z
6
value 0.00684
scoring_system epss
scoring_elements 0.71662
published_at 2026-04-09T12:55:00Z
7
value 0.00684
scoring_system epss
scoring_elements 0.71685
published_at 2026-04-11T12:55:00Z
8
value 0.00684
scoring_system epss
scoring_elements 0.71668
published_at 2026-04-12T12:55:00Z
9
value 0.00684
scoring_system epss
scoring_elements 0.7165
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16775
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
12
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
13
reference_url https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16775
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16775
17
reference_url https://www.npmjs.com/advisories/1434
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1434
18
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788305
reference_id 1788305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788305
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
22
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
23
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
aliases CVE-2019-16775, GHSA-m6cx-g6qm-p2cx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3gg-stck-7ydy
2
url VCID-ke6j-fgys-gyga
vulnerability_id VCID-ke6j-fgys-gyga
summary 
Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15605
reference_id
reference_type
scores
0
value 0.32252
scoring_system epss
scoring_elements 0.96807
published_at 2026-04-01T12:55:00Z
1
value 0.32252
scoring_system epss
scoring_elements 0.96815
published_at 2026-04-02T12:55:00Z
2
value 0.32252
scoring_system epss
scoring_elements 0.96816
published_at 2026-04-04T12:55:00Z
3
value 0.32252
scoring_system epss
scoring_elements 0.9682
published_at 2026-04-07T12:55:00Z
4
value 0.32252
scoring_system epss
scoring_elements 0.96828
published_at 2026-04-08T12:55:00Z
5
value 0.32252
scoring_system epss
scoring_elements 0.9683
published_at 2026-04-09T12:55:00Z
6
value 0.32252
scoring_system epss
scoring_elements 0.96832
published_at 2026-04-12T12:55:00Z
7
value 0.32252
scoring_system epss
scoring_elements 0.96834
published_at 2026-04-13T12:55:00Z
8
value 0.32252
scoring_system epss
scoring_elements 0.9684
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15605
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800364
reference_id 1800364
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800364
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467
reference_id 977467
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467
11
reference_url https://access.redhat.com/errata/RHSA-2020:0598
reference_id RHSA-2020:0598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0598
12
reference_url https://access.redhat.com/errata/RHSA-2020:0703
reference_id RHSA-2020:0703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0703
13
reference_url https://access.redhat.com/errata/RHSA-2020:0707
reference_id RHSA-2020:0707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0707
14
reference_url https://access.redhat.com/errata/RHSA-2020:0708
reference_id RHSA-2020:0708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0708
15
reference_url https://access.redhat.com/errata/RHSA-2020:1510
reference_id RHSA-2020:1510
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1510
16
reference_url https://usn.ubuntu.com/6380-1/
reference_id USN-6380-1
reference_type
scores
url https://usn.ubuntu.com/6380-1/
fixed_packages
aliases CVE-2019-15605
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6j-fgys-gyga
3
url VCID-wb61-6cxb-5kfa
vulnerability_id VCID-wb61-6cxb-5kfa
summary 
npm symlink reference outside of node_modules
Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the`node_modules` folder through the `bin` field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user’s system when the package is installed. Only files accessible by the user running the `npm install` are affected.  

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.3 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16776.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16776.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16776
reference_id
reference_type
scores
0
value 0.00783
scoring_system epss
scoring_elements 0.73779
published_at 2026-04-16T12:55:00Z
1
value 0.00783
scoring_system epss
scoring_elements 0.73689
published_at 2026-04-01T12:55:00Z
2
value 0.00783
scoring_system epss
scoring_elements 0.73698
published_at 2026-04-02T12:55:00Z
3
value 0.00783
scoring_system epss
scoring_elements 0.73722
published_at 2026-04-04T12:55:00Z
4
value 0.00783
scoring_system epss
scoring_elements 0.73694
published_at 2026-04-07T12:55:00Z
5
value 0.00783
scoring_system epss
scoring_elements 0.73729
published_at 2026-04-08T12:55:00Z
6
value 0.00783
scoring_system epss
scoring_elements 0.73742
published_at 2026-04-09T12:55:00Z
7
value 0.00783
scoring_system epss
scoring_elements 0.73764
published_at 2026-04-11T12:55:00Z
8
value 0.00783
scoring_system epss
scoring_elements 0.73746
published_at 2026-04-12T12:55:00Z
9
value 0.00783
scoring_system epss
scoring_elements 0.73737
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16776
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-x8qc-rrcw-4r46
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x8qc-rrcw-4r46
12
reference_url https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16776
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16776
16
reference_url https://www.npmjs.com/advisories/1436
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1436
17
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788310
reference_id 1788310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788310
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
20
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
21
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
aliases CVE-2019-16776, GHSA-x8qc-rrcw-4r46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb61-6cxb-5kfa
4
url VCID-wpfq-sq11-fqa9
vulnerability_id VCID-wpfq-sq11-fqa9
summary 
Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15606
reference_id
reference_type
scores
0
value 0.01338
scoring_system epss
scoring_elements 0.79948
published_at 2026-04-01T12:55:00Z
1
value 0.01338
scoring_system epss
scoring_elements 0.79955
published_at 2026-04-02T12:55:00Z
2
value 0.01338
scoring_system epss
scoring_elements 0.79976
published_at 2026-04-04T12:55:00Z
3
value 0.01338
scoring_system epss
scoring_elements 0.79965
published_at 2026-04-07T12:55:00Z
4
value 0.01338
scoring_system epss
scoring_elements 0.79993
published_at 2026-04-08T12:55:00Z
5
value 0.01338
scoring_system epss
scoring_elements 0.80002
published_at 2026-04-09T12:55:00Z
6
value 0.01338
scoring_system epss
scoring_elements 0.80022
published_at 2026-04-11T12:55:00Z
7
value 0.01338
scoring_system epss
scoring_elements 0.80006
published_at 2026-04-12T12:55:00Z
8
value 0.01338
scoring_system epss
scoring_elements 0.79998
published_at 2026-04-13T12:55:00Z
9
value 0.01338
scoring_system epss
scoring_elements 0.80027
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15606
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800366
reference_id 1800366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800366
10
reference_url https://access.redhat.com/errata/RHSA-2020:0598
reference_id RHSA-2020:0598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0598
11
reference_url https://usn.ubuntu.com/6380-1/
reference_id USN-6380-1
reference_type
scores
url https://usn.ubuntu.com/6380-1/
fixed_packages
aliases CVE-2019-15606
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfq-sq11-fqa9
5
url VCID-xja2-hbkk-cyc7
vulnerability_id VCID-xja2-hbkk-cyc7
summary 
npm Vulnerable to Global node_modules Binary Overwrite
Versions of  the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. 

For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.

This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.4 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16777
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56256
published_at 2026-04-13T12:55:00Z
1
value 0.00334
scoring_system epss
scoring_elements 0.56299
published_at 2026-04-11T12:55:00Z
2
value 0.00334
scoring_system epss
scoring_elements 0.56288
published_at 2026-04-16T12:55:00Z
3
value 0.00334
scoring_system epss
scoring_elements 0.56283
published_at 2026-04-08T12:55:00Z
4
value 0.00334
scoring_system epss
scoring_elements 0.56231
published_at 2026-04-07T12:55:00Z
5
value 0.00334
scoring_system epss
scoring_elements 0.56251
published_at 2026-04-04T12:55:00Z
6
value 0.00334
scoring_system epss
scoring_elements 0.56232
published_at 2026-04-02T12:55:00Z
7
value 0.00334
scoring_system epss
scoring_elements 0.56121
published_at 2026-04-01T12:55:00Z
8
value 0.00334
scoring_system epss
scoring_elements 0.56274
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16777
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-4328-8hgf-7wjr
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4328-8hgf-7wjr
12
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
13
reference_url https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16777
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16777
17
reference_url https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202003-48
18
reference_url https://www.npmjs.com/advisories/1437
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1437
19
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788301
reference_id 1788301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788301
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
22
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
23
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
aliases CVE-2019-16777, GHSA-4328-8hgf-7wjr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xja2-hbkk-cyc7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs10-nodejs@10.19.0-1%3Farch=el7