Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/npm@6.14.5
Typenpm
Namespace
Namenpm
Version6.14.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-e2wc-na6c-c3cr
vulnerability_id VCID-e2wc-na6c-c3cr
summary 
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15095
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27686
published_at 2026-04-18T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27803
published_at 2026-04-01T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27853
published_at 2026-04-02T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27894
published_at 2026-04-04T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27685
published_at 2026-04-07T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27753
published_at 2026-04-08T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27796
published_at 2026-04-09T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27802
published_at 2026-04-11T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.2776
published_at 2026-04-12T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27702
published_at 2026-04-13T12:55:00Z
10
value 0.001
scoring_system epss
scoring_elements 0.27712
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15095
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
8
reference_url https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
9
reference_url https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15095
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15095
13
reference_url https://security.gentoo.org/glsa/202101-07
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-07
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1856875
reference_id 1856875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1856875
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
reference_id 964746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
16
reference_url https://github.com/advisories/GHSA-93f3-23rq-pjfp
reference_id GHSA-93f3-23rq-pjfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93f3-23rq-pjfp
17
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
18
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
19
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
20
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
21
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
fixed_packages
0
url pkg:npm/npm@6.14.6
purl pkg:npm/npm@6.14.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qyqn-hwvx-k7gs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@6.14.6
aliases CVE-2020-15095, GHSA-93f3-23rq-pjfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2wc-na6c-c3cr
1
url VCID-qyqn-hwvx-k7gs
vulnerability_id VCID-qyqn-hwvx-k7gs
summary 
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references.

### Original Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0775
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01109
published_at 2026-04-16T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01118
published_at 2026-04-13T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01116
published_at 2026-04-12T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01121
published_at 2026-04-18T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01137
published_at 2026-04-09T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01131
published_at 2026-04-07T12:55:00Z
6
value 0.0001
scoring_system epss
scoring_elements 0.01125
published_at 2026-04-04T12:55:00Z
7
value 0.0001
scoring_system epss
scoring_elements 0.01122
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0775
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
5
reference_url https://github.com/npm/cli/issues/8939
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/issues/8939
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
7
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-043
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
reference_id 1126756
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
reference_id 2432280
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
10
reference_url https://github.com/advisories/GHSA-3966-f6p6-2qr9
reference_id GHSA-3966-f6p6-2qr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3966-f6p6-2qr9
11
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043/
reference_id ZDI-26-043
reference_type
scores
0
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:29Z/
url https://www.zerodayinitiative.com/advisories/ZDI-26-043/
fixed_packages
aliases CVE-2026-0775, GHSA-3966-f6p6-2qr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyqn-hwvx-k7gs
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/npm@6.14.5