Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/nanoid@3.1.2
Typenpm
Namespace
Namenanoid
Version3.1.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.8
Latest_non_vulnerable_version5.0.9
Affected_by_vulnerabilities
0
url VCID-7cky-3c29-zyar
vulnerability_id VCID-7cky-3c29-zyar
summary 
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23566.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23566.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23566
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07618
published_at 2026-04-24T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.0767
published_at 2026-04-21T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.0753
published_at 2026-04-18T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07541
published_at 2026-04-16T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07616
published_at 2026-04-13T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.0763
published_at 2026-04-12T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07644
published_at 2026-04-11T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07627
published_at 2026-04-08T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07568
published_at 2026-04-07T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07593
published_at 2026-04-04T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07551
published_at 2026-04-02T12:55:00Z
11
value 0.00027
scoring_system epss
scoring_elements 0.07436
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23566
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
3
reference_url https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
4
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
5
reference_url https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
6
reference_url https://github.com/ai/nanoid/pull/328
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid/pull/328
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
10
reference_url https://snyk.io/vuln/SNYK-JS-NANOID-2332193
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-NANOID-2332193
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050853
reference_id 2050853
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2050853
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23566
reference_id CVE-2021-23566
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23566
13
reference_url https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
reference_id GHSA-qrpm-p2h7-hrv2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
14
reference_url https://access.redhat.com/errata/RHSA-2022:5069
reference_id RHSA-2022:5069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5069
15
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
fixed_packages
0
url pkg:npm/nanoid@3.1.31
purl pkg:npm/nanoid@3.1.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6f3-3mxh-ekfr
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.1.31
aliases CVE-2021-23566, GHSA-qrpm-p2h7-hrv2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cky-3c29-zyar
1
url VCID-s6f3-3mxh-ekfr
vulnerability_id VCID-s6f3-3mxh-ekfr
summary 
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:

1. in browser and non-secure, the code infinite loops on while (size--)
2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28741
published_at 2026-04-24T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28887
published_at 2026-04-07T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28931
published_at 2026-04-16T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28907
published_at 2026-04-13T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28956
published_at 2026-04-12T12:55:00Z
5
value 0.00107
scoring_system epss
scoring_elements 0.29001
published_at 2026-04-11T12:55:00Z
6
value 0.00107
scoring_system epss
scoring_elements 0.28997
published_at 2026-04-09T12:55:00Z
7
value 0.00107
scoring_system epss
scoring_elements 0.28955
published_at 2026-04-08T12:55:00Z
8
value 0.00107
scoring_system epss
scoring_elements 0.29028
published_at 2026-04-02T12:55:00Z
9
value 0.00107
scoring_system epss
scoring_elements 0.29078
published_at 2026-04-04T12:55:00Z
10
value 0.00107
scoring_system epss
scoring_elements 0.2886
published_at 2026-04-21T12:55:00Z
11
value 0.00107
scoring_system epss
scoring_elements 0.28906
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
3
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
4
reference_url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
5
reference_url https://github.com/ai/nanoid/pull/510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/pull/510
6
reference_url https://github.com/ai/nanoid/releases/tag/5.0.9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/releases/tag/5.0.9
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
reference_id 2331063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
11
reference_url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
reference_id GHSA-mwcw-c2x4-8c55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
12
reference_url https://access.redhat.com/errata/RHSA-2024:10990
reference_id RHSA-2024:10990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10990
13
reference_url https://access.redhat.com/errata/RHSA-2025:0079
reference_id RHSA-2025:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0079
14
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
15
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
16
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
17
reference_url https://access.redhat.com/errata/RHSA-2025:0723
reference_id RHSA-2025:0723
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0723
18
reference_url https://access.redhat.com/errata/RHSA-2025:0778
reference_id RHSA-2025:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0778
19
reference_url https://access.redhat.com/errata/RHSA-2025:0785
reference_id RHSA-2025:0785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0785
20
reference_url https://access.redhat.com/errata/RHSA-2025:0851
reference_id RHSA-2025:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0851
21
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
22
reference_url https://access.redhat.com/errata/RHSA-2025:0892
reference_id RHSA-2025:0892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0892
23
reference_url https://access.redhat.com/errata/RHSA-2025:1051
reference_id RHSA-2025:1051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1051
24
reference_url https://access.redhat.com/errata/RHSA-2025:1448
reference_id RHSA-2025:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1448
25
reference_url https://access.redhat.com/errata/RHSA-2025:2652
reference_id RHSA-2025:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2652
26
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
27
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
28
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
29
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
30
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
fixed_packages
0
url pkg:npm/nanoid@3.3.8
purl pkg:npm/nanoid@3.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.3.8
1
url pkg:npm/nanoid@5.0.9
purl pkg:npm/nanoid@5.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@5.0.9
aliases CVE-2024-55565, GHSA-mwcw-c2x4-8c55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f3-3mxh-ekfr
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.1.2