Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/83403?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "type": "ebuild", "namespace": "net-libs", "name": "nodejs", "version": "12.15.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "12.20.1", "latest_non_vulnerable_version": "22.13.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57383?format=api", "vulnerability_id": "VCID-1bhj-vafz-4ya8", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02342", "scoring_system": "epss", "scoring_elements": "0.84914", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02342", "scoring_system": "epss", "scoring_elements": "0.8489", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02342", "scoring_system": "epss", "scoring_elements": "0.84887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03643", "scoring_system": "epss", "scoring_elements": "0.87866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90175", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90195", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90211", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90217", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.9019", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661005", "reference_id": "1661005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661005" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-12122" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bhj-vafz-4ya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57385?format=api", "vulnerability_id": "VCID-3vdn-6af1-k3g6", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.78017", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77992", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77984", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77948", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77975", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77957", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/106363", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013", "reference_id": "1591013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161", "reference_id": "CVE-2018-7161", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-7161" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-6af1-k3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57389?format=api", "vulnerability_id": "VCID-4dhf-bpv6-a3e1", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87611", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87656", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87669", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87666", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87678", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87696", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367", "reference_id": "1800367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2019-15604" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dhf-bpv6-a3e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57387?format=api", "vulnerability_id": "VCID-4khc-2nz3-ckhr", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.7783", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77804", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77798", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77785", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77805", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/104463", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104463" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591023", "reference_id": "1591023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591023" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7164", "reference_id": "CVE-2018-7164", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-7164" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4khc-2nz3-ckhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57393?format=api", "vulnerability_id": "VCID-9tvd-qsp8-byfx", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54291", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.5436", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54411", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54416", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54397", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54316", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54363", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54372", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190502-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190502-0008/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690798", "reference_id": "1690798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690798" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5739", "reference_id": "CVE-2019-5739", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5739" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2019-5739" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tvd-qsp8-byfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57384?format=api", "vulnerability_id": "VCID-9v22-ened-4bg2", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.8837", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88354", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88353", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89202", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89208", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89166", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661010", "reference_id": "1661010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661010" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-12123" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9v22-ened-4bg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57381?format=api", "vulnerability_id": "VCID-f7ch-ze7a-d7gr", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67314", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67315", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67294", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69929", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.6997", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.7001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69981", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69917", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69944", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660998", "reference_id": "1660998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660998" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-12116" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ch-ze7a-d7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57390?format=api", "vulnerability_id": "VCID-ke6j-fgys-gyga", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96807", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96828", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96832", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9684", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96844", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96846", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364", "reference_id": "1800364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467", "reference_id": "977467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0703", "reference_id": "RHSA-2020:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0707", "reference_id": "RHSA-2020:0707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0708", "reference_id": "RHSA-2020:0708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1510", "reference_id": "RHSA-2020:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1510" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2019-15605" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6j-fgys-gyga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57386?format=api", "vulnerability_id": "VCID-r8jj-tkxd-5qg8", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77243", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77216", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77208", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.7712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.772", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77175", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77215", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/104468", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591018", "reference_id": "1591018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591018" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7162", "reference_id": "CVE-2018-7162", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-7162" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8jj-tkxd-5qg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57388?format=api", "vulnerability_id": "VCID-rhxy-h93e-y3d4", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73333", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73298", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73299", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74239", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74277", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/106363", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006", "reference_id": "1591006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167", "reference_id": "CVE-2018-7167", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-7167" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxy-h93e-y3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57380?format=api", "vulnerability_id": "VCID-tqg7-dw5d-z3et", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73956", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73959", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74007", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74043", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74052", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74076", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219", "reference_id": "1620219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2552", "reference_id": "RHSA-2018:2552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2553", "reference_id": "RHSA-2018:2553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2944", "reference_id": "RHSA-2018:2944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-12115" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqg7-dw5d-z3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57392?format=api", "vulnerability_id": "VCID-us11-vy4j-pfd2", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1821" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96272", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96326", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96325", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.963", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96307", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.9631", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190502-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190502-0008/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690808", "reference_id": "1690808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690808" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737", "reference_id": "CVE-2019-5737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2019-5737" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us11-vy4j-pfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57391?format=api", "vulnerability_id": "VCID-wpfq-sq11-fqa9", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79948", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79976", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79965", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80022", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80027", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80028", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80055", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366", "reference_id": "1800366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2019-15606" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfq-sq11-fqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50572?format=api", "vulnerability_id": "VCID-xja2-hbkk-cyc7", "summary": "npm Vulnerable to Global node_modules Binary Overwrite\nVersions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. \n\nFor example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.\n\nThis behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.\n\n\n## Recommendation\n\nUpgrade to version 6.13.4 or later.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" }, { "reference_url": "https://access.redhat.com/errata/RHEA-2020:0330", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHEA-2020:0330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0573", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0597", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0602", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0602" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56181", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56289", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56256", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56274", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56299", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56288", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56283", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56232", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56121", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56257", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16777" }, { "reference_url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-4328-8hgf-7wjr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4328-8hgf-7wjr" }, { "reference_url": "https://github.com/npm/cli", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/npm/cli" }, { "reference_url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16777" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://www.npmjs.com/advisories/1437", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1437" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301", "reference_id": "1788301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788301" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127", "reference_id": "947127", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947127" }, { "reference_url": "https://security.archlinux.org/AVG-1082", "reference_id": "AVG-1082", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2625", "reference_id": "RHSA-2020:2625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2625" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2019-16777", "GHSA-4328-8hgf-7wjr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xja2-hbkk-cyc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57382?format=api", "vulnerability_id": "VCID-zrbm-htvv-eke9", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05774", "scoring_system": "epss", "scoring_elements": "0.90509", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05774", "scoring_system": "epss", "scoring_elements": "0.90497", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05774", "scoring_system": "epss", "scoring_elements": "0.90496", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06647", "scoring_system": "epss", "scoring_elements": "0.91228", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92338", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92349", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92321", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92334", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661002", "reference_id": "1661002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2258", "reference_id": "RHSA-2019:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3497", "reference_id": "RHSA-2019:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3497" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83403?format=api", "purl": "pkg:ebuild/net-libs/nodejs@12.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" } ], "aliases": [ "CVE-2018-12121" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbm-htvv-eke9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@12.15.0" }