Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/dalek-browser-ie@0.0.5

Type npm

Namespace

Name dalek-browser-ie

Version 0.0.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-m1s8-t5r2-nucz

vulnerability_id VCID-m1s8-t5r2-nucz

summary

Cryptographic Issues
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10605

reference_id

reference_type

scores

value	0.00518
scoring_system	epss
scoring_elements	0.67054
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10605

reference_url	https://www.npmjs.com/advisories/209
reference_id
reference_type
scores
url	https://www.npmjs.com/advisories/209

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-10605
reference_id	CVE-2016-10605
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-10605

reference_url

https://github.com/advisories/GHSA-65q2-x652-xx84

reference_id

GHSA-65q2-x652-xx84

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-65q2-x652-xx84

fixed_packages

aliases CVE-2016-10605, GHSA-65q2-x652-xx84

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1s8-t5r2-nucz

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dalek-browser-ie@0.0.5

Package Instance