Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/forms@0.9.1
Typenpm
Namespace
Nameforms
Version0.9.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.1
Latest_non_vulnerable_version1.3.2
Affected_by_vulnerabilities
0
url VCID-rd5u-wwsc-3udk
vulnerability_id VCID-rd5u-wwsc-3udk
summary The forms package is vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23388
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.59298
published_at 2026-06-06T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.59271
published_at 2026-06-08T12:55:00Z
2
value 0.00372
scoring_system epss
scoring_elements 0.59289
published_at 2026-06-07T12:55:00Z
3
value 0.00372
scoring_system epss
scoring_elements 0.59244
published_at 2026-06-04T12:55:00Z
4
value 0.00372
scoring_system epss
scoring_elements 0.59294
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23388
1
reference_url https://github.com/caolan/forms/pull/214
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/caolan/forms/pull/214
2
reference_url https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
3
reference_url https://snyk.io/vuln/SNYK-JS-FORMS-1296389
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-FORMS-1296389
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23388
reference_id CVE-2021-23388
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23388
5
reference_url https://github.com/advisories/GHSA-c56f-grv3-gpfr
reference_id GHSA-c56f-grv3-gpfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c56f-grv3-gpfr
fixed_packages
0
url pkg:npm/forms@1.2.1
purl pkg:npm/forms@1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.2.1
1
url pkg:npm/forms@1.3.2
purl pkg:npm/forms@1.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.3.2
aliases CVE-2021-23388, GHSA-c56f-grv3-gpfr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd5u-wwsc-3udk
1
url VCID-swpf-a5wf-1ub1
vulnerability_id VCID-swpf-a5wf-1ub1
summary 
Cross-site Scripting
The forms package does not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16015
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47481
published_at 2026-06-07T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47451
published_at 2026-06-08T12:55:00Z
2
value 0.0024
scoring_system epss
scoring_elements 0.47497
published_at 2026-06-05T12:55:00Z
3
value 0.0024
scoring_system epss
scoring_elements 0.47432
published_at 2026-06-04T12:55:00Z
4
value 0.0024
scoring_system epss
scoring_elements 0.47499
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16015
1
reference_url https://github.com/advisories/GHSA-vwjj-2852-3765
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vwjj-2852-3765
2
reference_url https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
3
reference_url https://www.npmjs.com/advisories/158
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/158
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16015
reference_id CVE-2017-16015
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16015
fixed_packages
0
url pkg:npm/forms@1.3.0
purl pkg:npm/forms@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rd5u-wwsc-3udk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.3.0
aliases CVE-2017-16015, GHSA-vwjj-2852-3765
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swpf-a5wf-1ub1
2
url VCID-xc19-xkkh-9ucs
vulnerability_id VCID-xc19-xkkh-9ucs
summary 
XSS Vulnerability
Forms did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting
references
0
reference_url https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
reference_id
reference_type
scores
url https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
fixed_packages
0
url pkg:npm/forms@1.3.0
purl pkg:npm/forms@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rd5u-wwsc-3udk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.3.0
aliases GMS-2017-125
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xc19-xkkh-9ucs
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/forms@0.9.1