Lookup for vulnerable packages by Package URL.

Purl pkg:npm/docsify@1.5.1
Type npm
Namespace
Name docsify
Version 1.5.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.12.0
Latest_non_vulnerable_version 4.12.2
Affected_by_vulnerabilities
0
url VCID-1jjj-34qa-skaz
vulnerability_id VCID-1jjj-34qa-skaz
summary docsify is susceptible to Cross-site Scripting (XSS). `Docsify.js` uses fragment identifiers (parameters after `#` sign) to load resources from server-side `.md` files. Due to lack of validation here, it is possible to provide external URLs and render arbitrary `JavaScript/HTML` inside docsify page.
references
0
reference_url http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html
1
reference_url http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7680
reference_id
reference_type
scores
0
value 0.03162
scoring_system epss
scoring_elements 0.87182
published_at 2026-06-05T12:55:00Z
1
value 0.03162
scoring_system epss
scoring_elements 0.87159
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7680
3
reference_url http://seclists.org/fulldisclosure/2021/Feb/71
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Feb/71
4
reference_url https://github.com/docsifyjs/docsify/issues/1126
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docsifyjs/docsify/issues/1126
5
reference_url https://github.com/docsifyjs/docsify/pull/1128
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docsifyjs/docsify/pull/1128
6
reference_url https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48681.txt
reference_id CVE-2020-7680
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48681.txt
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7680
reference_id CVE-2020-7680
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7680
fixed_packages
0
url pkg:npm/docsify@4.11.4
purl pkg:npm/docsify@4.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xy6c-gr7v-5ygs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/docsify@4.11.4
aliases CVE-2020-7680, GHSA-qpqh-46qj-vwcw
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jjj-34qa-skaz
1
url VCID-xy6c-gr7v-5ygs
vulnerability_id VCID-xy6c-gr7v-5ygs
summary
Cross-site Scripting
It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more `////` characters.
references
0
reference_url http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23342
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64635
published_at 2026-06-04T12:55:00Z
1
value 0.00463
scoring_system epss
scoring_elements 0.64676
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23342
2
reference_url http://seclists.org/fulldisclosure/2021/Feb/71
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Feb/71
3
reference_url https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe
4
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593
5
reference_url https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017
6
reference_url https://www.npmjs.com/package/docsify
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/docsify
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23342
reference_id CVE-2021-23342
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23342
fixed_packages
0
url pkg:npm/docsify@4.12.0
purl pkg:npm/docsify@4.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/docsify@4.12.0
aliases CVE-2021-23342, GHSA-2mm9-c2fx-c7m4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xy6c-gr7v-5ygs
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/docsify@1.5.1