Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/node-fetch@2.6.5
Typenpm
Namespace
Namenode-fetch
Version2.6.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.6.7
Latest_non_vulnerable_version3.2.10
Affected_by_vulnerabilities
0
url VCID-x4yh-ez8g-6ya1
vulnerability_id VCID-x4yh-ez8g-6ya1
summary 
URL Redirection to Untrusted Site ('Open Redirect')
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0235.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0235.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0235
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52383
published_at 2026-04-24T12:55:00Z
1
value 0.0029
scoring_system epss
scoring_elements 0.52435
published_at 2026-04-21T12:55:00Z
2
value 0.0029
scoring_system epss
scoring_elements 0.52451
published_at 2026-04-18T12:55:00Z
3
value 0.0029
scoring_system epss
scoring_elements 0.52445
published_at 2026-04-16T12:55:00Z
4
value 0.00534
scoring_system epss
scoring_elements 0.67416
published_at 2026-04-08T12:55:00Z
5
value 0.00534
scoring_system epss
scoring_elements 0.67364
published_at 2026-04-07T12:55:00Z
6
value 0.00534
scoring_system epss
scoring_elements 0.67386
published_at 2026-04-04T12:55:00Z
7
value 0.00534
scoring_system epss
scoring_elements 0.67363
published_at 2026-04-02T12:55:00Z
8
value 0.00534
scoring_system epss
scoring_elements 0.67327
published_at 2026-04-01T12:55:00Z
9
value 0.00534
scoring_system epss
scoring_elements 0.67404
published_at 2026-04-13T12:55:00Z
10
value 0.00534
scoring_system epss
scoring_elements 0.67438
published_at 2026-04-12T12:55:00Z
11
value 0.00534
scoring_system epss
scoring_elements 0.6745
published_at 2026-04-11T12:55:00Z
12
value 0.00534
scoring_system epss
scoring_elements 0.67429
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0235
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/node-fetch/node-fetch
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch
6
reference_url https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35
7
reference_url https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
8
reference_url https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
9
reference_url https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
10
reference_url https://github.com/node-fetch/node-fetch/pull/1453
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-fetch/node-fetch/pull/1453
11
reference_url https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
12
reference_url https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2044591
reference_id 2044591
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2044591
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0235
reference_id CVE-2022-0235
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0235
15
reference_url https://github.com/advisories/GHSA-r683-j2x4-v87g
reference_id GHSA-r683-j2x4-v87g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r683-j2x4-v87g
16
reference_url https://access.redhat.com/errata/RHSA-2022:1739
reference_id RHSA-2022:1739
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1739
17
reference_url https://access.redhat.com/errata/RHSA-2022:5069
reference_id RHSA-2022:5069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5069
18
reference_url https://access.redhat.com/errata/RHSA-2022:5483
reference_id RHSA-2022:5483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5483
19
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
20
reference_url https://access.redhat.com/errata/RHSA-2022:6835
reference_id RHSA-2022:6835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6835
21
reference_url https://access.redhat.com/errata/RHSA-2022:8524
reference_id RHSA-2022:8524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8524
22
reference_url https://access.redhat.com/errata/RHSA-2023:0050
reference_id RHSA-2023:0050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0050
23
reference_url https://access.redhat.com/errata/RHSA-2023:0612
reference_id RHSA-2023:0612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0612
24
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
25
reference_url https://usn.ubuntu.com/6158-1/
reference_id USN-6158-1
reference_type
scores
url https://usn.ubuntu.com/6158-1/
fixed_packages
0
url pkg:npm/node-fetch@2.6.7
purl pkg:npm/node-fetch@2.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.6.7
1
url pkg:npm/node-fetch@3.0.0-beta.1
purl pkg:npm/node-fetch@3.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y5g7-w6ur-8qaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@3.0.0-beta.1
2
url pkg:npm/node-fetch@3.1.1
purl pkg:npm/node-fetch@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ebme-b1mh-qygu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@3.1.1
aliases CVE-2022-0235, GHSA-r683-j2x4-v87g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4yh-ez8g-6ya1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/node-fetch@2.6.5