Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/ajv@6.12.2
Typenpm
Namespace
Nameajv
Version6.12.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.14.0
Latest_non_vulnerable_version8.18.0
Affected_by_vulnerabilities
0
url VCID-1znw-5dwm-7ydy
vulnerability_id VCID-1znw-5dwm-7ydy
summary 
ajv has ReDoS when using `$data` option
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the `$data` option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax (`$data` reference), which is passed directly to the JavaScript `RegExp()` constructor without validation. An attacker can inject a malicious regex pattern (e.g., `\"^(a|a)*$\"`) combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with `$data`: true for dynamic schema validation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69873.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69873
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03001
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05007
published_at 2026-04-02T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05036
published_at 2026-04-04T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05058
published_at 2026-04-07T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.0509
published_at 2026-04-08T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.04993
published_at 2026-04-18T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.04987
published_at 2026-04-16T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05045
published_at 2026-04-13T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05062
published_at 2026-04-12T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05079
published_at 2026-04-11T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05105
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69873
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69873
3
reference_url https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-12T15:13:03Z/
url https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
4
reference_url https://github.com/ajv-validator/ajv
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv
5
reference_url https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5
6
reference_url https://github.com/ajv-validator/ajv/pull/2586
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv/pull/2586
7
reference_url https://github.com/ajv-validator/ajv/pull/2588
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-12T15:13:03Z/
url https://github.com/ajv-validator/ajv/pull/2588
8
reference_url https://github.com/ajv-validator/ajv/pull/2590
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-12T15:13:03Z/
url https://github.com/ajv-validator/ajv/pull/2590
9
reference_url https://github.com/ajv-validator/ajv/releases/tag/v6.14.0
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-12T15:13:03Z/
url https://github.com/ajv-validator/ajv/releases/tag/v6.14.0
10
reference_url https://github.com/ajv-validator/ajv/releases/tag/v8.18.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv/releases/tag/v8.18.0
11
reference_url https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-12T15:13:03Z/
url https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md
12
reference_url https://github.com/github/advisory-database/pull/6991
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-12T15:13:03Z/
url https://github.com/github/advisory-database/pull/6991
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69873
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69873
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128140
reference_id 1128140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128140
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2439070
reference_id 2439070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2439070
16
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
17
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
18
reference_url https://access.redhat.com/errata/RHSA-2026:5907
reference_id RHSA-2026:5907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5907
19
reference_url https://access.redhat.com/errata/RHSA-2026:5910
reference_id RHSA-2026:5910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5910
20
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
21
reference_url https://access.redhat.com/errata/RHSA-2026:6277
reference_id RHSA-2026:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6277
22
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
23
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
24
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
25
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
26
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
27
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
28
reference_url https://access.redhat.com/errata/RHSA-2026:7314
reference_id RHSA-2026:7314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7314
fixed_packages
0
url pkg:npm/ajv@6.14.0
purl pkg:npm/ajv@6.14.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ajv@6.14.0
1
url pkg:npm/ajv@7.0.0-alpha.0
purl pkg:npm/ajv@7.0.0-alpha.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1znw-5dwm-7ydy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ajv@7.0.0-alpha.0
2
url pkg:npm/ajv@8.18.0
purl pkg:npm/ajv@8.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ajv@8.18.0
aliases CVE-2025-69873, GHSA-2g4f-4pwh-qvx6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1znw-5dwm-7ydy
1
url VCID-kh5k-ynnf-2bbx
vulnerability_id VCID-kh5k-ynnf-2bbx
summary 
Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15366
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57641
published_at 2026-04-21T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57667
published_at 2026-04-16T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57637
published_at 2026-04-13T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57657
published_at 2026-04-12T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57678
published_at 2026-04-11T12:55:00Z
5
value 0.00352
scoring_system epss
scoring_elements 0.57663
published_at 2026-04-18T12:55:00Z
6
value 0.00352
scoring_system epss
scoring_elements 0.57606
published_at 2026-04-07T12:55:00Z
7
value 0.00352
scoring_system epss
scoring_elements 0.5763
published_at 2026-04-04T12:55:00Z
8
value 0.00352
scoring_system epss
scoring_elements 0.57609
published_at 2026-04-02T12:55:00Z
9
value 0.00352
scoring_system epss
scoring_elements 0.57659
published_at 2026-04-08T12:55:00Z
10
value 0.00362
scoring_system epss
scoring_elements 0.58193
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15366
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366
3
reference_url https://github.com/ajv-validator/ajv
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv
4
reference_url https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f
5
reference_url https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
6
reference_url https://github.com/ajv-validator/ajv/tags
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ajv-validator/ajv/tags
7
reference_url https://hackerone.com/bugs?subject=user&report_id=894259
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/bugs?subject=user&report_id=894259
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15366
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15366
9
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857977
reference_id 1857977
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857977
11
reference_url https://github.com/advisories/GHSA-v88g-cgmw-v5xw
reference_id GHSA-v88g-cgmw-v5xw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v88g-cgmw-v5xw
12
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
13
reference_url https://access.redhat.com/errata/RHSA-2020:5305
reference_id RHSA-2020:5305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5305
14
reference_url https://access.redhat.com/errata/RHSA-2020:5499
reference_id RHSA-2020:5499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5499
15
reference_url https://access.redhat.com/errata/RHSA-2021:0421
reference_id RHSA-2021:0421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0421
16
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
17
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
18
reference_url https://access.redhat.com/errata/RHSA-2021:0551
reference_id RHSA-2021:0551
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0551
19
reference_url https://access.redhat.com/errata/RHSA-2021:0781
reference_id RHSA-2021:0781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0781
20
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:npm/ajv@6.12.3
purl pkg:npm/ajv@6.12.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1znw-5dwm-7ydy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ajv@6.12.3
aliases CVE-2020-15366, GHSA-v88g-cgmw-v5xw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kh5k-ynnf-2bbx
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/ajv@6.12.2