Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40yaireo/tagify@4.9.8
Typenpm
Namespace@yaireo
Nametagify
Version4.9.8
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.9.8
Latest_non_vulnerable_version4.9.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bkrg-f1a5-7bck
vulnerability_id VCID-bkrg-f1a5-7bck
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
references
0
reference_url https://github.com/yairEO/tagify/commit/198c0451fad188390390395ccfc84ab371def4c7
reference_id
reference_type
scores
url https://github.com/yairEO/tagify/commit/198c0451fad188390390395ccfc84ab371def4c7
1
reference_url https://github.com/yairEO/tagify/issues/988
reference_id
reference_type
scores
url https://github.com/yairEO/tagify/issues/988
2
reference_url https://github.com/yairEO/tagify/releases/tag/v4.9.8
reference_id
reference_type
scores
url https://github.com/yairEO/tagify/releases/tag/v4.9.8
3
reference_url https://snyk.io/vuln/SNYK-JS-YAIREOTAGIFY-2404358
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-JS-YAIREOTAGIFY-2404358
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25854
reference_id CVE-2022-25854
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25854
5
reference_url https://github.com/advisories/GHSA-pxpf-v376-7xx5
reference_id GHSA-pxpf-v376-7xx5
reference_type
scores
url https://github.com/advisories/GHSA-pxpf-v376-7xx5
fixed_packages
0
url pkg:npm/%40yaireo/tagify@4.9.8
purl pkg:npm/%40yaireo/tagify@4.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540yaireo/tagify@4.9.8
aliases CVE-2022-25854, GHSA-pxpf-v376-7xx5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkrg-f1a5-7bck
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540yaireo/tagify@4.9.8