Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/npm@7.5.6
Typenpm
Namespace
Namenpm
Version7.5.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-qyqn-hwvx-k7gs
vulnerability_id VCID-qyqn-hwvx-k7gs
summary 
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references.

### Original Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0775
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01109
published_at 2026-04-16T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01118
published_at 2026-04-13T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01116
published_at 2026-04-12T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01121
published_at 2026-04-18T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01137
published_at 2026-04-09T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01131
published_at 2026-04-07T12:55:00Z
6
value 0.0001
scoring_system epss
scoring_elements 0.01125
published_at 2026-04-04T12:55:00Z
7
value 0.0001
scoring_system epss
scoring_elements 0.01122
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0775
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/npm/cli
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli
5
reference_url https://github.com/npm/cli/issues/8939
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/cli/issues/8939
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0775
7
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-043
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
reference_id 1126756
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126756
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
reference_id 2432280
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2432280
10
reference_url https://github.com/advisories/GHSA-3966-f6p6-2qr9
reference_id GHSA-3966-f6p6-2qr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3966-f6p6-2qr9
11
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-043/
reference_id ZDI-26-043
reference_type
scores
0
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:29Z/
url https://www.zerodayinitiative.com/advisories/ZDI-26-043/
fixed_packages
aliases CVE-2026-0775, GHSA-3966-f6p6-2qr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyqn-hwvx-k7gs
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/npm@7.5.6