Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/microlight@0.0.2
Typenpm
Namespace
Namemicrolight
Version0.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-53n8-7fvn-57e9
vulnerability_id VCID-53n8-7fvn-57e9
summary A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-45525
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24506
published_at 2026-06-11T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24698
published_at 2026-06-14T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24712
published_at 2026-06-13T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24701
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-45525
1
reference_url https://github.com/asvd/microlight
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/asvd/microlight
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-45525
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-45525
3
reference_url https://github.com/github/advisory-database/pull/5730
reference_id 5730
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-18T13:20:58Z/
url https://github.com/github/advisory-database/pull/5730
4
reference_url https://gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424
reference_id 843368931f70886bed3cf982f10a4424
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-18T13:20:58Z/
url https://gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424
5
reference_url https://github.com/advisories/GHSA-64x7-m7rh-9m83
reference_id GHSA-64x7-m7rh-9m83
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64x7-m7rh-9m83
fixed_packages
aliases CVE-2025-45525, GHSA-64x7-m7rh-9m83
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53n8-7fvn-57e9
1
url VCID-gqau-ar1z-bqb3
vulnerability_id VCID-gqau-ar1z-bqb3
summary A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100 million characters) is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this vulnerability by tricking a user into visiting a malicious web page containing a microlight element with large content, resulting in a denial of service. NOTE: this is disputed by multiple parties because a large amount of memory and CPU resources is expected to be needed for content of that size.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-45526
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24712
published_at 2026-06-13T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24698
published_at 2026-06-14T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24506
published_at 2026-06-11T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24701
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-45526
1
reference_url https://github.com/asvd/microlight
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/asvd/microlight
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-45526
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-45526
3
reference_url https://gist.github.com/Rootingg/483b09b760d031b62b172f2153f3ed2a
reference_id 483b09b760d031b62b172f2153f3ed2a
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T16:10:14Z/
url https://gist.github.com/Rootingg/483b09b760d031b62b172f2153f3ed2a
4
reference_url https://github.com/github/advisory-database/pull/5730
reference_id 5730
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T16:10:14Z/
url https://github.com/github/advisory-database/pull/5730
5
reference_url https://github.com/advisories/GHSA-wgc6-9f6w-h8hx
reference_id GHSA-wgc6-9f6w-h8hx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgc6-9f6w-h8hx
fixed_packages
aliases CVE-2025-45526, GHSA-wgc6-9f6w-h8hx
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqau-ar1z-bqb3
Fixing_vulnerabilities
Risk_score1.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/microlight@0.0.2