Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie

Type deb

Namespace debian

Name node-ua-parser-js

Version 0.8.1+ds+~0.7.36-3

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6c98-q4en-3uek

vulnerability_id VCID-6c98-q4en-3uek

summary

ua-parser-js Regular Expression Denial of Service vulnerability
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7793.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7793.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7793

reference_id

reference_type

scores

value	0.02644
scoring_system	epss
scoring_elements	0.85745
published_at	2026-04-21T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85752
published_at	2026-04-18T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85747
published_at	2026-04-16T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85729
published_at	2026-04-13T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85733
published_at	2026-04-12T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85654
published_at	2026-04-01T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85721
published_at	2026-04-09T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.8571
published_at	2026-04-08T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85691
published_at	2026-04-07T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85684
published_at	2026-04-04T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85667
published_at	2026-04-02T12:55:00Z

value	0.02644
scoring_system	epss
scoring_elements	0.85737
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7793

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7793

reference_url

https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7793

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7793

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387

reference_url

https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1907451
reference_id	1907451
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1907451

reference_url

https://github.com/advisories/GHSA-394c-5j6w-4xmx

reference_id

GHSA-394c-5j6w-4xmx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-394c-5j6w-4xmx

fixed_packages

url	pkg:deb/debian/node-ua-parser-js@0.7.23%2Bds-1?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0.7.23%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.23%252Bds-1%3Fdistro=trixie

url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzj3-ddrr-u7hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie

aliases CVE-2020-7793, GHSA-394c-5j6w-4xmx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c98-q4en-3uek

url VCID-dmh1-fut8-2ygz

vulnerability_id VCID-dmh1-fut8-2ygz

summary

Embedded malware in ua-parser-js
The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4229

reference_id

reference_type

scores

value	0.00863
scoring_system	epss
scoring_elements	0.75039
published_at	2026-04-07T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.7511
published_at	2026-04-21T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.7512
published_at	2026-04-18T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75113
published_at	2026-04-16T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75075
published_at	2026-04-13T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75034
published_at	2026-04-02T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75085
published_at	2026-04-09T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75073
published_at	2026-04-08T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75063
published_at	2026-04-04T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75086
published_at	2026-04-12T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75107
published_at	2026-04-11T12:55:00Z

value	0.00863
scoring_system	epss
scoring_elements	0.75031
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4229

reference_url

https://github.com/faisalman/ua-parser-js

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js

reference_url

https://github.com/faisalman/ua-parser-js/issues/536

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:48Z/

url

https://github.com/faisalman/ua-parser-js/issues/536

reference_url

https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496

reference_url	https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
reference_id
reference_type
scores
url	https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js

reference_url

https://www.npmjs.com/package/ua-parser-js

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/ua-parser-js

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-4229
reference_id	CVE-2021-4229
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-4229

reference_url

https://github.com/advisories/GHSA-pjwm-rvh2-c87w

reference_id

GHSA-pjwm-rvh2-c87w

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:48Z/

url

https://github.com/advisories/GHSA-pjwm-rvh2-c87w

fixed_packages

url	pkg:deb/debian/node-ua-parser-js@0?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0%3Fdistro=trixie

url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzj3-ddrr-u7hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie

aliases CVE-2021-4229, GHSA-pjwm-rvh2-c87w, GMS-2021-1

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmh1-fut8-2ygz

url VCID-j1g9-gab7-cbch

vulnerability_id VCID-j1g9-gab7-cbch

summary

Regular Expression Denial of Service (ReDoS) in ua-parser-js
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27292.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27292.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-27292

reference_id

reference_type

scores

value	0.00266
scoring_system	epss
scoring_elements	0.50132
published_at	2026-04-21T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50158
published_at	2026-04-18T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50114
published_at	2026-04-13T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50117
published_at	2026-04-12T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50144
published_at	2026-04-11T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50133
published_at	2026-04-08T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50129
published_at	2026-04-04T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50079
published_at	2026-04-07T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50066
published_at	2026-04-01T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50126
published_at	2026-04-09T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50101
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-27292

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292

reference_url

https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76

reference_url

https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566

reference_url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-27292

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-27292

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1940613
reference_id	1940613
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1940613

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985568
reference_id	985568
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985568

reference_url

https://github.com/advisories/GHSA-78cj-fxph-m83p

reference_id

GHSA-78cj-fxph-m83p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-78cj-fxph-m83p

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

reference_url	https://access.redhat.com/errata/RHSA-2021:3024
reference_id	RHSA-2021:3024
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3024

reference_url	https://access.redhat.com/errata/RHSA-2022:0226
reference_id	RHSA-2022:0226
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0226

reference_url	https://access.redhat.com/errata/RHSA-2022:0227
reference_id	RHSA-2022:0227
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0227

reference_url	https://access.redhat.com/errata/RHSA-2022:0230
reference_id	RHSA-2022:0230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0230

fixed_packages

url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzj3-ddrr-u7hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie

aliases CVE-2021-27292, GHSA-78cj-fxph-m83p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1g9-gab7-cbch

url VCID-jzj3-ddrr-u7hd

vulnerability_id VCID-jzj3-ddrr-u7hd

summary

ReDoS Vulnerability in ua-parser-js version
### Description:
A regular expression denial of service (ReDoS) vulnerability has been discovered in `ua-parser-js`.

### Impact:
This vulnerability bypass the library's `MAX_LENGTH` input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition.

### Affected Versions:
From version `0.7.30` to before versions `0.7.33` / `1.0.33`.

### Patches:
A patch has been released to remove the vulnerable regular expression, update to version `0.7.33` / `1.0.33` or later.

### References:
[Regular expression Denial of Service - ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)

### Credits:
Thanks to @Snyk who first reported the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25927.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25927.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25927

reference_id

reference_type

scores

value	0.01453
scoring_system	epss
scoring_elements	0.80801
published_at	2026-04-12T12:55:00Z

value	0.01453
scoring_system	epss
scoring_elements	0.80833
published_at	2026-04-18T12:55:00Z

value	0.01453
scoring_system	epss
scoring_elements	0.8083
published_at	2026-04-16T12:55:00Z

value	0.01453
scoring_system	epss
scoring_elements	0.80793
published_at	2026-04-13T12:55:00Z

value	0.01453
scoring_system	epss
scoring_elements	0.808
published_at	2026-04-09T12:55:00Z

value	0.01453
scoring_system	epss
scoring_elements	0.80816
published_at	2026-04-11T12:55:00Z

value	0.01453
scoring_system	epss
scoring_elements	0.80791
published_at	2026-04-08T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81034
published_at	2026-04-07T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81102
published_at	2026-04-21T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82772
published_at	2026-04-04T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82758
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25927

reference_url

https://github.com/faisalman/ua-parser-js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js

reference_url

https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:27:15Z/

url

https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411

reference_url

https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:27:15Z/

url

https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2165020
reference_id	2165020
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2165020

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25927

reference_id

CVE-2022-25927

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25927

reference_url

https://github.com/advisories/GHSA-fhg7-m89q-25r3

reference_id

GHSA-fhg7-m89q-25r3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fhg7-m89q-25r3

reference_url

https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3

reference_id

GHSA-fhg7-m89q-25r3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3

reference_url	https://access.redhat.com/errata/RHSA-2023:1428
reference_id	RHSA-2023:1428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1428

fixed_packages

url	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie

aliases CVE-2022-25927, GHSA-fhg7-m89q-25r3, GMS-2023-120

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzj3-ddrr-u7hd

url VCID-q32y-yvrx-wkby

vulnerability_id VCID-q32y-yvrx-wkby

summary

Regular Expression Denial of Service in ua-parser-js
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7733.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7733.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7733

reference_id

reference_type

scores

value	0.01196
scoring_system	epss
scoring_elements	0.78908
published_at	2026-04-21T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78838
published_at	2026-04-01T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78845
published_at	2026-04-02T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78873
published_at	2026-04-04T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78856
published_at	2026-04-07T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78881
published_at	2026-04-08T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78887
published_at	2026-04-09T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78911
published_at	2026-04-18T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78895
published_at	2026-04-12T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78885
published_at	2026-04-13T12:55:00Z

value	0.01196
scoring_system	epss
scoring_elements	0.78913
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7733

reference_url

https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7733

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665

reference_url

https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879733
reference_id	1879733
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879733

reference_url

https://github.com/advisories/GHSA-662x-fhqg-9p8v

reference_id

GHSA-662x-fhqg-9p8v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-662x-fhqg-9p8v

reference_url	https://access.redhat.com/errata/RHSA-2021:2865
reference_id	RHSA-2021:2865
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2865

reference_url	https://access.redhat.com/errata/RHSA-2021:4626
reference_id	RHSA-2021:4626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4626

fixed_packages

url	pkg:deb/debian/node-ua-parser-js@0?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0%3Fdistro=trixie

url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzj3-ddrr-u7hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl	pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie

aliases CVE-2020-7733, GHSA-662x-fhqg-9p8v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q32y-yvrx-wkby

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie

Package Instance