Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main

Type apk

Namespace alpine

Name nodejs

Version 12.22.10-r0

Qualifiers

arch	ppc64le
distroversion	v3.12
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5cf7-va9h-h3gy

vulnerability_id VCID-5cf7-va9h-h3gy

summary

Improper Certificate Validation
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44531

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22783
published_at	2026-04-01T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22952
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22996
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22863
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22936
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22899
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22856
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1429694
reference_id
reference_type
scores
url	https://hackerone.com/reports/1429694

reference_url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

reference_url	https://security.netapp.com/advisory/ntap-20220325-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220325-0007/

reference_url	https://www.debian.org/security/2022/dsa-5170
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5170

reference_url	https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040839
reference_id	2040839
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040839

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44531
reference_id	CVE-2021-44531
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44531

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2021-44531

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cf7-va9h-h3gy

url VCID-e18p-c3m9-2qgy

vulnerability_id VCID-e18p-c3m9-2qgy

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44532

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32731
published_at	2026-04-01T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32862
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32897
published_at	2026-04-04T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32718
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32765
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32792
published_at	2026-04-09T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32794
published_at	2026-04-11T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32756
published_at	2026-04-12T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.3273
published_at	2026-04-13T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32771
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040846
reference_id	2040846
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040846

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2021-44532

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e18p-c3m9-2qgy

url VCID-gwyr-ac4e-dqfa

vulnerability_id VCID-gwyr-ac4e-dqfa

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22959

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43692
published_at	2026-04-01T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43791
published_at	2026-04-16T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43746
published_at	2026-04-12T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4373
published_at	2026-04-13T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43747
published_at	2026-04-02T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43772
published_at	2026-04-04T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43706
published_at	2026-04-07T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43756
published_at	2026-04-08T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43759
published_at	2026-04-09T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43779
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1238709
reference_id
reference_type
scores
url	https://hackerone.com/reports/1238709

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2014057
reference_id	2014057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2014057

reference_url	https://security.archlinux.org/ASA-202110-4
reference_id	ASA-202110-4
reference_type
scores
url	https://security.archlinux.org/ASA-202110-4

reference_url

https://security.archlinux.org/AVG-2460

reference_id

AVG-2460

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2460

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-22959
reference_id	CVE-2021-22959
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-22959

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

url	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2021-22959

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa

url VCID-m5ae-uc68-d3g2

vulnerability_id VCID-m5ae-uc68-d3g2

summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21824

reference_id

reference_type

scores

value	0.00505
scoring_system	epss
scoring_elements	0.66171
published_at	2026-04-02T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71033
published_at	2026-04-07T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71076
published_at	2026-04-08T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71088
published_at	2026-04-09T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71111
published_at	2026-04-11T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71096
published_at	2026-04-12T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.7108
published_at	2026-04-13T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71126
published_at	2026-04-16T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71058
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1431042
reference_id
reference_type
scores
url	https://hackerone.com/reports/1431042

reference_url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

reference_url	https://security.netapp.com/advisory/ntap-20220325-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220325-0007/

reference_url	https://security.netapp.com/advisory/ntap-20220729-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220729-0004/

reference_url	https://www.debian.org/security/2022/dsa-5170
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5170

reference_url	https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040862
reference_id	2040862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040862

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-21824
reference_id	CVE-2022-21824
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-21824

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2022-21824

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ae-uc68-d3g2

url VCID-ms5y-gp7v-2qay

vulnerability_id VCID-ms5y-gp7v-2qay

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44533

reference_id

reference_type

scores

value	0.00421
scoring_system	epss
scoring_elements	0.61846
published_at	2026-04-01T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.6192
published_at	2026-04-07T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.6195
published_at	2026-04-04T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61969
published_at	2026-04-08T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61987
published_at	2026-04-09T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62008
published_at	2026-04-11T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61997
published_at	2026-04-12T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61977
published_at	2026-04-13T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62019
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040856
reference_id	2040856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040856

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2021-44533

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5y-gp7v-2qay

url VCID-tnhd-rr89-9udh

vulnerability_id VCID-tnhd-rr89-9udh

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22960

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45642
published_at	2026-04-01T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45779
published_at	2026-04-16T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45751
published_at	2026-04-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45721
published_at	2026-04-12T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45709
published_at	2026-04-02T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45729
published_at	2026-04-13T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45677
published_at	2026-04-07T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45733
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1238099
reference_id
reference_type
scores
url	https://hackerone.com/reports/1238099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2014059
reference_id	2014059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2014059

reference_url	https://security.archlinux.org/ASA-202110-4
reference_id	ASA-202110-4
reference_type
scores
url	https://security.archlinux.org/ASA-202110-4

reference_url

https://security.archlinux.org/AVG-2460

reference_id

AVG-2460

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2460

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-22960
reference_id	CVE-2021-22960
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-22960

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

url	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/nodejs@12.22.10-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2021-22960

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.22.10-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

Package Instance