Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
Typeapk
Namespacealpine
Namenodejs
Version14.17.6-r0
Qualifiers
arch armv7
distroversion v3.19
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version14.18.1-r0
Latest_non_vulnerable_version20.15.1-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1tz4-bphw-rbd3
vulnerability_id VCID-1tz4-bphw-rbd3
summary 
Path Traversal
This npm package has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37701.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37701.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37701
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29492
published_at 2026-04-09T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29398
published_at 2026-04-13T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.2945
published_at 2026-04-12T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29495
published_at 2026-04-11T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.29453
published_at 2026-04-01T12:55:00Z
5
value 0.0011
scoring_system epss
scoring_elements 0.29519
published_at 2026-04-02T12:55:00Z
6
value 0.0011
scoring_system epss
scoring_elements 0.29567
published_at 2026-04-04T12:55:00Z
7
value 0.0011
scoring_system epss
scoring_elements 0.29388
published_at 2026-04-07T12:55:00Z
8
value 0.0011
scoring_system epss
scoring_elements 0.29452
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37701
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/npm/node-tar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-tar
7
reference_url https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
8
reference_url https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html
9
reference_url https://www.debian.org/security/2021/dsa-5008
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5008
10
reference_url https://www.npmjs.com/package/tar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/tar
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999731
reference_id 1999731
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999731
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37701
reference_id CVE-2021-37701
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37701
14
reference_url https://github.com/advisories/GHSA-9r2w-394v-53qc
reference_id GHSA-9r2w-394v-53qc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9r2w-394v-53qc
15
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
16
reference_url https://access.redhat.com/errata/RHSA-2021:5086
reference_id RHSA-2021:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5086
17
reference_url https://access.redhat.com/errata/RHSA-2022:0041
reference_id RHSA-2022:0041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0041
18
reference_url https://access.redhat.com/errata/RHSA-2022:0246
reference_id RHSA-2022:0246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0246
19
reference_url https://access.redhat.com/errata/RHSA-2022:0350
reference_id RHSA-2022:0350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0350
20
reference_url https://access.redhat.com/errata/RHSA-2022:4914
reference_id RHSA-2022:4914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4914
fixed_packages
0
url pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.17.6-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2021-37701, GHSA-9r2w-394v-53qc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tz4-bphw-rbd3
1
url VCID-7mtb-yaq7-77ep
vulnerability_id VCID-7mtb-yaq7-77ep
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37712
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24623
published_at 2026-04-01T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.2458
published_at 2026-04-08T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24509
published_at 2026-04-07T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24737
published_at 2026-04-04T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24698
published_at 2026-04-02T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24545
published_at 2026-04-13T12:55:00Z
6
value 0.00085
scoring_system epss
scoring_elements 0.246
published_at 2026-04-12T12:55:00Z
7
value 0.00085
scoring_system epss
scoring_elements 0.24643
published_at 2026-04-11T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.24626
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37712
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b
7
reference_url https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a
8
reference_url https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f
9
reference_url https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455
10
reference_url https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e
11
reference_url https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1
12
reference_url https://github.com/npm/node-tar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-tar
13
reference_url https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html
14
reference_url https://www.debian.org/security/2021/dsa-5008
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5008
15
reference_url https://www.npmjs.com/package/tar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/tar
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999739
reference_id 1999739
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999739
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981
reference_id 993981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37712
reference_id CVE-2021-37712
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37712
20
reference_url https://github.com/advisories/GHSA-qq89-hq3f-393p
reference_id GHSA-qq89-hq3f-393p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qq89-hq3f-393p
21
reference_url https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
reference_id GHSA-qq89-hq3f-393p
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
22
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
23
reference_url https://access.redhat.com/errata/RHSA-2021:5086
reference_id RHSA-2021:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5086
24
reference_url https://access.redhat.com/errata/RHSA-2022:0041
reference_id RHSA-2022:0041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0041
25
reference_url https://access.redhat.com/errata/RHSA-2022:0246
reference_id RHSA-2022:0246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0246
26
reference_url https://access.redhat.com/errata/RHSA-2022:0350
reference_id RHSA-2022:0350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0350
27
reference_url https://access.redhat.com/errata/RHSA-2022:4914
reference_id RHSA-2022:4914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4914
fixed_packages
0
url pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.17.6-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2021-37712, GHSA-qq89-hq3f-393p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7mtb-yaq7-77ep
2
url VCID-9vk1-2ysq-3ygd
vulnerability_id VCID-9vk1-2ysq-3ygd
summary 
UNIX Symbolic Link (Symlink) Following
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist which is included in npm v7.20.7. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39135.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39135.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39135
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43571
published_at 2026-04-13T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43507
published_at 2026-04-01T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43569
published_at 2026-04-02T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43596
published_at 2026-04-04T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43533
published_at 2026-04-07T12:55:00Z
5
value 0.00211
scoring_system epss
scoring_elements 0.43584
published_at 2026-04-08T12:55:00Z
6
value 0.00211
scoring_system epss
scoring_elements 0.43599
published_at 2026-04-09T12:55:00Z
7
value 0.00211
scoring_system epss
scoring_elements 0.43617
published_at 2026-04-11T12:55:00Z
8
value 0.00211
scoring_system epss
scoring_elements 0.43586
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39135
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39135
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39135
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist
6
reference_url https://www.npmjs.com/package/@npmcli/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@npmcli/arborist
7
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999745
reference_id 1999745
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999745
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993405
reference_id 993405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993405
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39135
reference_id CVE-2021-39135
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39135
11
reference_url https://github.com/advisories/GHSA-gmw6-94gg-2rc2
reference_id GHSA-gmw6-94gg-2rc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmw6-94gg-2rc2
12
reference_url https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
reference_id GHSA-gmw6-94gg-2rc2
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
13
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
fixed_packages
0
url pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.17.6-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2021-39135, GHSA-gmw6-94gg-2rc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vk1-2ysq-3ygd
3
url VCID-m4hj-dq8q-67f6
vulnerability_id VCID-m4hj-dq8q-67f6
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37713.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37713.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37713
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.54563
published_at 2026-04-01T12:55:00Z
1
value 0.00316
scoring_system epss
scoring_elements 0.54671
published_at 2026-04-12T12:55:00Z
2
value 0.00316
scoring_system epss
scoring_elements 0.54687
published_at 2026-04-11T12:55:00Z
3
value 0.00316
scoring_system epss
scoring_elements 0.54674
published_at 2026-04-09T12:55:00Z
4
value 0.00316
scoring_system epss
scoring_elements 0.54678
published_at 2026-04-08T12:55:00Z
5
value 0.00316
scoring_system epss
scoring_elements 0.54626
published_at 2026-04-07T12:55:00Z
6
value 0.00316
scoring_system epss
scoring_elements 0.54656
published_at 2026-04-04T12:55:00Z
7
value 0.00316
scoring_system epss
scoring_elements 0.54633
published_at 2026-04-02T12:55:00Z
8
value 0.00316
scoring_system epss
scoring_elements 0.54649
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37713
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/isaacs/node-tar/commit/52b09e309bcae0c741a7eb79a17ef36e7828b946
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/52b09e309bcae0c741a7eb79a17ef36e7828b946
5
reference_url https://github.com/isaacs/node-tar/commit/82eac952f7c10765969ed464e549375854b26edc
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/82eac952f7c10765969ed464e549375854b26edc
6
reference_url https://github.com/isaacs/node-tar/commit/875a37e3ec031186fc6599f6807341f56c584598
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/isaacs/node-tar/commit/875a37e3ec031186fc6599f6807341f56c584598
7
reference_url https://github.com/npm/node-tar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-tar
8
reference_url https://www.npmjs.com/package/tar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/tar
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2033394
reference_id 2033394
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2033394
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37713
reference_id CVE-2021-37713
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37713
12
reference_url https://github.com/advisories/GHSA-5955-9wpr-37jh
reference_id GHSA-5955-9wpr-37jh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5955-9wpr-37jh
13
reference_url https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
reference_id GHSA-5955-9wpr-37jh
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
fixed_packages
0
url pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.17.6-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2021-37713, GHSA-5955-9wpr-37jh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4hj-dq8q-67f6
4
url VCID-myru-vzn7-u7cf
vulnerability_id VCID-myru-vzn7-u7cf
summary 
UNIX Symbolic Link (Symlink) Following
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39134.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39134.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39134
reference_id
reference_type
scores
0
value 0.00718
scoring_system epss
scoring_elements 0.72433
published_at 2026-04-13T12:55:00Z
1
value 0.00718
scoring_system epss
scoring_elements 0.72386
published_at 2026-04-01T12:55:00Z
2
value 0.00718
scoring_system epss
scoring_elements 0.72391
published_at 2026-04-02T12:55:00Z
3
value 0.00718
scoring_system epss
scoring_elements 0.72409
published_at 2026-04-04T12:55:00Z
4
value 0.00718
scoring_system epss
scoring_elements 0.72387
published_at 2026-04-07T12:55:00Z
5
value 0.00718
scoring_system epss
scoring_elements 0.72425
published_at 2026-04-08T12:55:00Z
6
value 0.00718
scoring_system epss
scoring_elements 0.72437
published_at 2026-04-09T12:55:00Z
7
value 0.00718
scoring_system epss
scoring_elements 0.7246
published_at 2026-04-11T12:55:00Z
8
value 0.00718
scoring_system epss
scoring_elements 0.72443
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39134
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39134
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39134
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/npm/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist
6
reference_url https://www.npmjs.com/package/@npmcli/arborist
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@npmcli/arborist
7
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1999744
reference_id 1999744
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1999744
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993407
reference_id 993407
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993407
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39134
reference_id CVE-2021-39134
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39134
11
reference_url https://github.com/advisories/GHSA-2h3h-q99f-3fhc
reference_id GHSA-2h3h-q99f-3fhc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2h3h-q99f-3fhc
12
reference_url https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
reference_id GHSA-2h3h-q99f-3fhc
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
13
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
fixed_packages
0
url pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/nodejs@14.17.6-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.17.6-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2021-39134, GHSA-2h3h-q99f-3fhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myru-vzn7-u7cf
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.17.6-r0%3Farch=armv7&distroversion=v3.19&reponame=main