Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/nanoid@2.1.6
Typenpm
Namespace
Namenanoid
Version2.1.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.8
Latest_non_vulnerable_version5.0.9
Affected_by_vulnerabilities
0
url VCID-s6f3-3mxh-ekfr
vulnerability_id VCID-s6f3-3mxh-ekfr
summary 
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:

1. in browser and non-secure, the code infinite loops on while (size--)
2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28741
published_at 2026-04-24T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28887
published_at 2026-04-07T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28931
published_at 2026-04-16T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28907
published_at 2026-04-13T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28956
published_at 2026-04-12T12:55:00Z
5
value 0.00107
scoring_system epss
scoring_elements 0.29001
published_at 2026-04-11T12:55:00Z
6
value 0.00107
scoring_system epss
scoring_elements 0.28997
published_at 2026-04-09T12:55:00Z
7
value 0.00107
scoring_system epss
scoring_elements 0.28955
published_at 2026-04-08T12:55:00Z
8
value 0.00107
scoring_system epss
scoring_elements 0.29028
published_at 2026-04-02T12:55:00Z
9
value 0.00107
scoring_system epss
scoring_elements 0.29078
published_at 2026-04-04T12:55:00Z
10
value 0.00107
scoring_system epss
scoring_elements 0.2886
published_at 2026-04-21T12:55:00Z
11
value 0.00107
scoring_system epss
scoring_elements 0.28906
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
3
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
4
reference_url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
5
reference_url https://github.com/ai/nanoid/pull/510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/pull/510
6
reference_url https://github.com/ai/nanoid/releases/tag/5.0.9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/releases/tag/5.0.9
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
reference_id 2331063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
11
reference_url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
reference_id GHSA-mwcw-c2x4-8c55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
12
reference_url https://access.redhat.com/errata/RHSA-2024:10990
reference_id RHSA-2024:10990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10990
13
reference_url https://access.redhat.com/errata/RHSA-2025:0079
reference_id RHSA-2025:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0079
14
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
15
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
16
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
17
reference_url https://access.redhat.com/errata/RHSA-2025:0723
reference_id RHSA-2025:0723
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0723
18
reference_url https://access.redhat.com/errata/RHSA-2025:0778
reference_id RHSA-2025:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0778
19
reference_url https://access.redhat.com/errata/RHSA-2025:0785
reference_id RHSA-2025:0785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0785
20
reference_url https://access.redhat.com/errata/RHSA-2025:0851
reference_id RHSA-2025:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0851
21
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
22
reference_url https://access.redhat.com/errata/RHSA-2025:0892
reference_id RHSA-2025:0892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0892
23
reference_url https://access.redhat.com/errata/RHSA-2025:1051
reference_id RHSA-2025:1051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1051
24
reference_url https://access.redhat.com/errata/RHSA-2025:1448
reference_id RHSA-2025:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1448
25
reference_url https://access.redhat.com/errata/RHSA-2025:2652
reference_id RHSA-2025:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2652
26
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
27
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
28
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
29
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
30
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
fixed_packages
0
url pkg:npm/nanoid@3.3.8
purl pkg:npm/nanoid@3.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.3.8
1
url pkg:npm/nanoid@5.0.9
purl pkg:npm/nanoid@5.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@5.0.9
aliases CVE-2024-55565, GHSA-mwcw-c2x4-8c55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f3-3mxh-ekfr
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/nanoid@2.1.6