Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/nodejs@0.10.47-2?arch=el7

Type rpm

Namespace redhat

Name nodejs

Version 0.10.47-2

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-atyy-fepb-6yge

vulnerability_id

VCID-atyy-fepb-6yge

summary

Multiple vulnerabilities have been found in Node.js, the worst of
    which can allow remote attackers to cause Denial of Service conditions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5325.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5325.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5325

reference_id

reference_type

scores

value	0.00985
scoring_system	epss
scoring_elements	0.76765
published_at	2026-04-01T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76769
published_at	2026-04-02T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76798
published_at	2026-04-04T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76779
published_at	2026-04-07T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.7681
published_at	2026-04-08T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.7682
published_at	2026-04-09T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76849
published_at	2026-04-11T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76829
published_at	2026-04-12T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76822
published_at	2026-04-13T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76865
published_at	2026-04-16T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76871
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5325

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1346910
reference_id	1346910
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1346910

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714
reference_id	839714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714

reference_url	https://security.gentoo.org/glsa/201612-43
reference_id	GLSA-201612-43
reference_type
scores
url	https://security.gentoo.org/glsa/201612-43

reference_url	https://access.redhat.com/errata/RHSA-2017:0002
reference_id	RHSA-2017:0002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0002

fixed_packages

aliases

CVE-2016-5325

risk_score

2.1

exploitability

0.5

weighted_severity

4.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-atyy-fepb-6yge

url

VCID-gcrq-1at1-bygq

vulnerability_id

VCID-gcrq-1at1-bygq

summary

Improper Input Validation
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

references

reference_url

https://access.redhat.com/errata/RHSA-2016:2101

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:2101

reference_url

https://access.redhat.com/errata/RHSA-2017:2912

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2912

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000232.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000232

reference_id

reference_type

scores

value	0.00921
scoring_system	epss
scoring_elements	0.75909
published_at	2026-04-01T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.76006
published_at	2026-04-18T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.76003
published_at	2026-04-16T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75964
published_at	2026-04-13T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75971
published_at	2026-04-12T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75994
published_at	2026-04-11T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.7597
published_at	2026-04-09T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75956
published_at	2026-04-08T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75923
published_at	2026-04-07T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75945
published_at	2026-04-04T12:55:00Z

value	0.00921
scoring_system	epss
scoring_elements	0.75913
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000232

reference_url

https://github.com/salesforce/tough-cookie

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie

reference_url

https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae

reference_url

https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534

reference_url

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232

reference_url	https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
reference_id
reference_type
scores
url	https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/

reference_url

https://www.npmjs.com/advisories/130

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/130

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/130.json

reference_id

130

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/130.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1359818
reference_id	1359818
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1359818

reference_url

https://access.redhat.com/security/cve/cve-2016-1000232

reference_id

CVE-2016-1000232

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2016-1000232

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000232

reference_id

CVE-2016-1000232

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000232

reference_url

https://github.com/advisories/GHSA-qhv9-728r-6jqg

reference_id

GHSA-qhv9-728r-6jqg

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-qhv9-728r-6jqg

fixed_packages

aliases

CVE-2016-1000232, GHSA-qhv9-728r-6jqg

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-gcrq-1at1-bygq

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs@0.10.47-2%3Farch=el7

Package Instance