Lookup for vulnerable packages by Package URL.

Purl pkg:npm/npm@11.8.0
Type npm
Namespace
Name npm
Version 11.8.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-bjt5-tewy-r7dq
vulnerability_id VCID-bjt5-tewy-r7dq
summary
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because it describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references.

### Original Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
1
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
2
reference_url https://github.com/npm/cli/issues/8939
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/issues/8939
3
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-043
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
reference_id 1126756
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
reference_id 2432280
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
reference_id CVE-2026-0775
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
7
reference_url https://github.com/advisories/GHSA-3966-f6p6-2qr9
reference_id GHSA-3966-f6p6-2qr9
reference_type
scores
url https://github.com/advisories/GHSA-3966-f6p6-2qr9
fixed_packages
aliases CVE-2026-0775, GHSA-3966-f6p6-2qr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjt5-tewy-r7dq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/npm@11.8.0