Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/openpgp@2.3.5
Typenpm
Namespace
Nameopenpgp
Version2.3.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.10.11
Latest_non_vulnerable_version6.1.1
Affected_by_vulnerabilities
0
url VCID-6yrb-1xx1-zkfx
vulnerability_id VCID-6yrb-1xx1-zkfx
summary OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41037
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26313
published_at 2026-06-11T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26514
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41037
1
reference_url https://github.com/openpgpjs/openpgpjs
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs
2
reference_url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.10.11
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.10.11
3
reference_url https://github.com/openpgpjs/openpgpjs/releases/tag/v5.10.1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/releases/tag/v5.10.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41037
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41037
5
reference_url https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566
reference_id 6b43e02a254853f5ff508ebd1b07541f78b7c566
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:34:19Z/
url https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566
6
reference_url https://github.com/advisories/GHSA-ch3c-v47x-4pgp
reference_id GHSA-ch3c-v47x-4pgp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ch3c-v47x-4pgp
7
reference_url https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp
reference_id GHSA-ch3c-v47x-4pgp
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:34:19Z/
url https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp
fixed_packages
0
url pkg:npm/openpgp@4.10.11
purl pkg:npm/openpgp@4.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.10.11
1
url pkg:npm/openpgp@5.0.0-0
purl pkg:npm/openpgp@5.0.0-0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@5.0.0-0
2
url pkg:npm/openpgp@5.10.1
purl pkg:npm/openpgp@5.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qf6a-uxgq-h3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@5.10.1
aliases CVE-2023-41037, GHSA-ch3c-v47x-4pgp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yrb-1xx1-zkfx
1
url VCID-ex13-d3nb-z3an
vulnerability_id VCID-ex13-d3nb-z3an
summary Message Signature Bypass in openpgp
references
0
reference_url http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9153
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58741
published_at 2026-06-11T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58853
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9153
2
reference_url https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc
3
reference_url https://github.com/openpgpjs/openpgpjs/pull/816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/pull/816
4
reference_url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0
5
reference_url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
6
reference_url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
reference_id
reference_type
scores
url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
7
reference_url https://snyk.io/vuln/SNYK-JS-OPENPGP-460248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-OPENPGP-460248
8
reference_url https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
9
reference_url https://www.npmjs.com/advisories/1160
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1160
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9153
reference_id CVE-2019-9153
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9153
11
reference_url https://github.com/advisories/GHSA-qwqc-28w3-fww6
reference_id GHSA-qwqc-28w3-fww6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwqc-28w3-fww6
fixed_packages
0
url pkg:npm/openpgp@4.2.0
purl pkg:npm/openpgp@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yrb-1xx1-zkfx
1
vulnerability VCID-pqph-mbcy-6uce
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.2.0
aliases CVE-2019-9153, GHSA-qwqc-28w3-fww6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex13-d3nb-z3an
2
url VCID-pqph-mbcy-6uce
vulnerability_id VCID-pqph-mbcy-6uce
summary Invalid Curve Attack in openpgp
references
0
reference_url http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9155
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.54492
published_at 2026-06-11T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54618
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9155
2
reference_url https://github.com/openpgpjs/openpgpjs/pull/853
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/pull/853
3
reference_url https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e
4
reference_url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0
5
reference_url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
6
reference_url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
reference_id
reference_type
scores
url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
7
reference_url https://snyk.io/vuln/SNYK-JS-OPENPGP-460225
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-OPENPGP-460225
8
reference_url https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
9
reference_url https://www.npmjs.com/advisories/1159
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1159
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9155
reference_id CVE-2019-9155
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9155
11
reference_url https://github.com/advisories/GHSA-77jf-fjjf-xcww
reference_id GHSA-77jf-fjjf-xcww
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77jf-fjjf-xcww
fixed_packages
0
url pkg:npm/openpgp@4.2.1
purl pkg:npm/openpgp@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yrb-1xx1-zkfx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.2.1
1
url pkg:npm/openpgp@4.3.0
purl pkg:npm/openpgp@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yrb-1xx1-zkfx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.3.0
aliases CVE-2019-9155, GHSA-77jf-fjjf-xcww
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqph-mbcy-6uce
3
url VCID-umd7-y588-3bh7
vulnerability_id VCID-umd7-y588-3bh7
summary Improper Key Verification in openpgp
references
0
reference_url http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9154
reference_id
reference_type
scores
0
value 0.00389
scoring_system epss
scoring_elements 0.60419
published_at 2026-06-11T12:55:00Z
1
value 0.00389
scoring_system epss
scoring_elements 0.60525
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9154
2
reference_url https://github.com/openpgpjs/openpgpjs/pull/797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/pull/797
3
reference_url https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1
4
reference_url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0
5
reference_url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
6
reference_url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
reference_id
reference_type
scores
url https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
7
reference_url https://snyk.io/vuln/SNYK-JS-OPENPGP-460247
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-OPENPGP-460247
8
reference_url https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1
9
reference_url https://www.npmjs.com/advisories/1161
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1161
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9154
reference_id CVE-2019-9154
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9154
11
reference_url https://github.com/advisories/GHSA-hfmf-q43v-2ffj
reference_id GHSA-hfmf-q43v-2ffj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfmf-q43v-2ffj
fixed_packages
0
url pkg:npm/openpgp@4.2.0
purl pkg:npm/openpgp@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yrb-1xx1-zkfx
1
vulnerability VCID-pqph-mbcy-6uce
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.2.0
aliases CVE-2019-9154, GHSA-hfmf-q43v-2ffj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umd7-y588-3bh7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/openpgp@2.3.5