Lookup for vulnerable packages by Package URL.

Purl pkg:npm/svelte@5.55.0
Type npm
Namespace
Name svelte
Version 5.55.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.55.7
Latest_non_vulnerable_version 5.55.7
Affected_by_vulnerabilities
0
url VCID-3338-judc-5ke1
vulnerability_id VCID-3338-judc-5ke1
summary Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42573
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09141
published_at 2026-06-13T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09128
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.0914
published_at 2026-06-12T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.14874
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42573
1
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42573
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42573
3
reference_url https://github.com/advisories/GHSA-rcqx-6q8c-2c42
reference_id GHSA-rcqx-6q8c-2c42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcqx-6q8c-2c42
4
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42
reference_id GHSA-rcqx-6q8c-2c42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:25:38Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42
5
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:25:38Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42573, GHSA-rcqx-6q8c-2c42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3338-judc-5ke1
1
url VCID-cxqy-4aua-v3bt
vulnerability_id VCID-cxqy-4aua-v3bt
summary
Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Contents of `hydratable` promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following are true:
- you are using `hydratable` (an experimental feature at the time of this report)
- you are passing attacker-controlled input such that a synchronous value is hydrated, then a promise value, e.g. `hydratable('someKey', () => [synchronousValue, promiseValue])`
references
0
reference_url http://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
1
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
2
reference_url https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4
3
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-f3cj-j4f6-wq85
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/security/advisories/GHSA-f3cj-j4f6-wq85
4
reference_url https://github.com/advisories/GHSA-f3cj-j4f6-wq85
reference_id GHSA-f3cj-j4f6-wq85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3cj-j4f6-wq85
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases GHSA-f3cj-j4f6-wq85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxqy-4aua-v3bt
2
url VCID-vbz4-avaq-7kh6
vulnerability_id VCID-vbz4-avaq-7kh6
summary Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42599.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42599
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10437
published_at 2026-06-14T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10463
published_at 2026-06-13T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.1046
published_at 2026-06-12T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13638
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42599
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42599
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42599
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2487076
reference_id 2487076
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2487076
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
reference_id CVE-2026-27121
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
6
reference_url https://github.com/advisories/GHSA-pr6f-5x2q-rwfp
reference_id GHSA-pr6f-5x2q-rwfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr6f-5x2q-rwfp
7
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-pr6f-5x2q-rwfp
reference_id GHSA-pr6f-5x2q-rwfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:28:29Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-pr6f-5x2q-rwfp
8
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:28:29Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42599, GHSA-pr6f-5x2q-rwfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbz4-avaq-7kh6
3
url VCID-ycam-n781-gkf8
vulnerability_id VCID-ycam-n781-gkf8
summary Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42567.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42567.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42567
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11899
published_at 2026-06-11T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.15271
published_at 2026-06-13T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.15236
published_at 2026-06-14T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.15266
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42567
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42567
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42567
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2487114
reference_id 2487114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2487114
5
reference_url https://github.com/advisories/GHSA-9rmh-mm8f-r9h6
reference_id GHSA-9rmh-mm8f-r9h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9rmh-mm8f-r9h6
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-9rmh-mm8f-r9h6
reference_id GHSA-9rmh-mm8f-r9h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:09:08Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-9rmh-mm8f-r9h6
7
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:09:08Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42567, GHSA-9rmh-mm8f-r9h6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycam-n781-gkf8
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.0