Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/npm@2.14.20
Typenpm
Namespace
Namenpm
Version2.14.20
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-e2wc-na6c-c3cr
vulnerability_id VCID-e2wc-na6c-c3cr
summary 
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15095
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27712
published_at 2026-04-16T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27803
published_at 2026-04-01T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27853
published_at 2026-04-02T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27894
published_at 2026-04-04T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27685
published_at 2026-04-07T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27753
published_at 2026-04-08T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27796
published_at 2026-04-09T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27802
published_at 2026-04-11T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.2776
published_at 2026-04-12T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27702
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15095
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
8
reference_url https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
9
reference_url https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15095
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15095
13
reference_url https://security.gentoo.org/glsa/202101-07
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-07
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1856875
reference_id 1856875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1856875
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
reference_id 964746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
16
reference_url https://github.com/advisories/GHSA-93f3-23rq-pjfp
reference_id GHSA-93f3-23rq-pjfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93f3-23rq-pjfp
17
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
18
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
19
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
20
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
21
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
fixed_packages
0
url pkg:npm/npm@6.14.6
purl pkg:npm/npm@6.14.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qyqn-hwvx-k7gs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@6.14.6
aliases CVE-2020-15095, GHSA-93f3-23rq-pjfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2wc-na6c-c3cr
1
url VCID-k3gg-stck-7ydy
vulnerability_id VCID-k3gg-stck-7ydy
summary 
Arbitrary File Write in npm
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user's system when the package is installed. It is only possible to affect files that the user running `npm install` has access to and it is not possible to over write files that already exist on disk.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.3 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16775.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16775.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16775
reference_id
reference_type
scores
0
value 0.00684
scoring_system epss
scoring_elements 0.71694
published_at 2026-04-16T12:55:00Z
1
value 0.00684
scoring_system epss
scoring_elements 0.71614
published_at 2026-04-01T12:55:00Z
2
value 0.00684
scoring_system epss
scoring_elements 0.7162
published_at 2026-04-02T12:55:00Z
3
value 0.00684
scoring_system epss
scoring_elements 0.71638
published_at 2026-04-04T12:55:00Z
4
value 0.00684
scoring_system epss
scoring_elements 0.71611
published_at 2026-04-07T12:55:00Z
5
value 0.00684
scoring_system epss
scoring_elements 0.71651
published_at 2026-04-08T12:55:00Z
6
value 0.00684
scoring_system epss
scoring_elements 0.71662
published_at 2026-04-09T12:55:00Z
7
value 0.00684
scoring_system epss
scoring_elements 0.71685
published_at 2026-04-11T12:55:00Z
8
value 0.00684
scoring_system epss
scoring_elements 0.71668
published_at 2026-04-12T12:55:00Z
9
value 0.00684
scoring_system epss
scoring_elements 0.7165
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16775
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
12
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
13
reference_url https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16775
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16775
17
reference_url https://www.npmjs.com/advisories/1434
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1434
18
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788305
reference_id 1788305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788305
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
22
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
23
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
0
url pkg:npm/npm@6.13.3
purl pkg:npm/npm@6.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2wc-na6c-c3cr
1
vulnerability VCID-qyqn-hwvx-k7gs
2
vulnerability VCID-xja2-hbkk-cyc7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@6.13.3
aliases CVE-2019-16775, GHSA-m6cx-g6qm-p2cx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3gg-stck-7ydy
2
url VCID-qyqn-hwvx-k7gs
vulnerability_id VCID-qyqn-hwvx-k7gs
summary 
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references.

### Original Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0775
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01109
published_at 2026-04-16T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01118
published_at 2026-04-13T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01116
published_at 2026-04-12T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01121
published_at 2026-04-02T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01137
published_at 2026-04-09T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01131
published_at 2026-04-07T12:55:00Z
6
value 0.0001
scoring_system epss
scoring_elements 0.01125
published_at 2026-04-04T12:55:00Z
7
value 0.0001
scoring_system epss
scoring_elements 0.01122
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0775
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
5
reference_url https://github.com/npm/cli/issues/8939
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/issues/8939
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
7
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-043
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
reference_id 1126756
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
reference_id 2432280
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
10
reference_url https://github.com/advisories/GHSA-3966-f6p6-2qr9
reference_id GHSA-3966-f6p6-2qr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3966-f6p6-2qr9
11
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043/
reference_id ZDI-26-043
reference_type
scores
0
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:29Z/
url https://www.zerodayinitiative.com/advisories/ZDI-26-043/
fixed_packages
aliases CVE-2026-0775, GHSA-3966-f6p6-2qr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyqn-hwvx-k7gs
3
url VCID-sz3c-y3nq-1qdc
vulnerability_id VCID-sz3c-y3nq-1qdc
summary 
Exposure of Sensitive Information to an Unauthorized Actor
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
references
0
reference_url http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3956.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3956.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3956
reference_id
reference_type
scores
0
value 0.03208
scoring_system epss
scoring_elements 0.87035
published_at 2026-04-16T12:55:00Z
1
value 0.03208
scoring_system epss
scoring_elements 0.86967
published_at 2026-04-01T12:55:00Z
2
value 0.03208
scoring_system epss
scoring_elements 0.86977
published_at 2026-04-02T12:55:00Z
3
value 0.03208
scoring_system epss
scoring_elements 0.86996
published_at 2026-04-04T12:55:00Z
4
value 0.03208
scoring_system epss
scoring_elements 0.86989
published_at 2026-04-07T12:55:00Z
5
value 0.03208
scoring_system epss
scoring_elements 0.87009
published_at 2026-04-08T12:55:00Z
6
value 0.03208
scoring_system epss
scoring_elements 0.87017
published_at 2026-04-09T12:55:00Z
7
value 0.03208
scoring_system epss
scoring_elements 0.8703
published_at 2026-04-11T12:55:00Z
8
value 0.03208
scoring_system epss
scoring_elements 0.87025
published_at 2026-04-12T12:55:00Z
9
value 0.03208
scoring_system epss
scoring_elements 0.87019
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3956
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
6
reference_url https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
7
reference_url https://github.com/npm/npm/issues/8380
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/npm/issues/8380
8
reference_url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016
9
reference_url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements
url https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
10
reference_url https://www.npmjs.com/advisories/98
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/98
11
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21980827
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21980827
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1328413
reference_id 1328413
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1328413
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850322
reference_id 850322
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850322
14
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/98.json
reference_id 98
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/98.json
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*
reference_id cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*
76
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*
77
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*
78
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*
79
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*
80
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*
81
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*
82
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*
83
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*
84
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*
85
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*
86
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*
87
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*
88
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*
89
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*
90
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*
91
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
92
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
93
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
94
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
95
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
96
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
97
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
98
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
99
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
100
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
101
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*
102
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*
103
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*
104
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*
105
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*
106
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
107
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3956
reference_id CVE-2016-3956
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3956
108
reference_url https://github.com/advisories/GHSA-m5h6-hr3q-22h5
reference_id GHSA-m5h6-hr3q-22h5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m5h6-hr3q-22h5
109
reference_url https://usn.ubuntu.com/USN-4785-1/
reference_id USN-USN-4785-1
reference_type
scores
url https://usn.ubuntu.com/USN-4785-1/
fixed_packages
0
url pkg:npm/npm@2.15.1
purl pkg:npm/npm@2.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2wc-na6c-c3cr
1
vulnerability VCID-k3gg-stck-7ydy
2
vulnerability VCID-qyqn-hwvx-k7gs
3
vulnerability VCID-wb61-6cxb-5kfa
4
vulnerability VCID-xja2-hbkk-cyc7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@2.15.1
1
url pkg:npm/npm@3.8.3
purl pkg:npm/npm@3.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2wc-na6c-c3cr
1
vulnerability VCID-k3gg-stck-7ydy
2
vulnerability VCID-qyqn-hwvx-k7gs
3
vulnerability VCID-wb61-6cxb-5kfa
4
vulnerability VCID-xja2-hbkk-cyc7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@3.8.3
aliases CVE-2016-3956, GHSA-m5h6-hr3q-22h5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz3c-y3nq-1qdc
4
url VCID-wb61-6cxb-5kfa
vulnerability_id VCID-wb61-6cxb-5kfa
summary 
npm symlink reference outside of node_modules
Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the`node_modules` folder through the `bin` field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user’s system when the package is installed. Only files accessible by the user running the `npm install` are affected.  

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.3 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16776.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16776.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16776
reference_id
reference_type
scores
0
value 0.00783
scoring_system epss
scoring_elements 0.73779
published_at 2026-04-16T12:55:00Z
1
value 0.00783
scoring_system epss
scoring_elements 0.73689
published_at 2026-04-01T12:55:00Z
2
value 0.00783
scoring_system epss
scoring_elements 0.73698
published_at 2026-04-02T12:55:00Z
3
value 0.00783
scoring_system epss
scoring_elements 0.73722
published_at 2026-04-04T12:55:00Z
4
value 0.00783
scoring_system epss
scoring_elements 0.73694
published_at 2026-04-07T12:55:00Z
5
value 0.00783
scoring_system epss
scoring_elements 0.73729
published_at 2026-04-08T12:55:00Z
6
value 0.00783
scoring_system epss
scoring_elements 0.73742
published_at 2026-04-09T12:55:00Z
7
value 0.00783
scoring_system epss
scoring_elements 0.73764
published_at 2026-04-11T12:55:00Z
8
value 0.00783
scoring_system epss
scoring_elements 0.73746
published_at 2026-04-12T12:55:00Z
9
value 0.00783
scoring_system epss
scoring_elements 0.73737
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16776
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-x8qc-rrcw-4r46
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x8qc-rrcw-4r46
12
reference_url https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16776
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16776
16
reference_url https://www.npmjs.com/advisories/1436
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1436
17
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788310
reference_id 1788310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788310
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
20
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
21
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
0
url pkg:npm/npm@6.13.3
purl pkg:npm/npm@6.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2wc-na6c-c3cr
1
vulnerability VCID-qyqn-hwvx-k7gs
2
vulnerability VCID-xja2-hbkk-cyc7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@6.13.3
aliases CVE-2019-16776, GHSA-x8qc-rrcw-4r46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb61-6cxb-5kfa
5
url VCID-xja2-hbkk-cyc7
vulnerability_id VCID-xja2-hbkk-cyc7
summary 
npm Vulnerable to Global node_modules Binary Overwrite
Versions of  the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. 

For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.

This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.


## Recommendation

Upgrade to version 6.13.4 or later.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
1
reference_url https://access.redhat.com/errata/RHEA-2020:0330
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2020:0330
2
reference_url https://access.redhat.com/errata/RHSA-2020:0573
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0573
3
reference_url https://access.redhat.com/errata/RHSA-2020:0579
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0579
4
reference_url https://access.redhat.com/errata/RHSA-2020:0597
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0597
5
reference_url https://access.redhat.com/errata/RHSA-2020:0602
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0602
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16777
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56256
published_at 2026-04-13T12:55:00Z
1
value 0.00334
scoring_system epss
scoring_elements 0.56299
published_at 2026-04-11T12:55:00Z
2
value 0.00334
scoring_system epss
scoring_elements 0.56288
published_at 2026-04-16T12:55:00Z
3
value 0.00334
scoring_system epss
scoring_elements 0.56283
published_at 2026-04-08T12:55:00Z
4
value 0.00334
scoring_system epss
scoring_elements 0.56231
published_at 2026-04-07T12:55:00Z
5
value 0.00334
scoring_system epss
scoring_elements 0.56251
published_at 2026-04-04T12:55:00Z
6
value 0.00334
scoring_system epss
scoring_elements 0.56232
published_at 2026-04-02T12:55:00Z
7
value 0.00334
scoring_system epss
scoring_elements 0.56121
published_at 2026-04-01T12:55:00Z
8
value 0.00334
scoring_system epss
scoring_elements 0.56274
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16777
8
reference_url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-4328-8hgf-7wjr
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4328-8hgf-7wjr
12
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
13
reference_url https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16777
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16777
17
reference_url https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202003-48
18
reference_url https://www.npmjs.com/advisories/1437
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1437
19
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788301
reference_id 1788301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788301
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
reference_id 947127
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127
22
reference_url https://security.archlinux.org/AVG-1082
reference_id AVG-1082
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1082
23
reference_url https://access.redhat.com/errata/RHSA-2020:2625
reference_id RHSA-2020:2625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2625
fixed_packages
0
url pkg:npm/npm@6.13.4
purl pkg:npm/npm@6.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2wc-na6c-c3cr
1
vulnerability VCID-qyqn-hwvx-k7gs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@6.13.4
aliases CVE-2019-16777, GHSA-4328-8hgf-7wjr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xja2-hbkk-cyc7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/npm@2.14.20